NO PLACE 
TO HIDE 



ED WA RD SNOWDEN. TH E NSA, AND 
THE U. S. SURVEILLANCE STATE 



GLENN GREENWALD 



m 



This book is dedicated to all those 
who have sought to shine a light 
on the US government’s secret 
mass surveillance systems, 
particularly the courageous 
whistle-blowers who have risked 
their liberty' to do so. 




3 



COLLECT IT ALL 



The archive of documents Edward Snowden had assembled 
was stunning in both size and scope. Even as someone w T ho 
had spent years WTiting about the dangers of secret US 
surveillance, I found the sheer vastness of the spying system 
genuinely shocking, all the more so because it had clearly 
been implemented with virtually no accountability, no 
transparency, and no limits. 

The thousands of discrete surveillance programs described 
by the archive were never intended by those who 
implemented them to become public knowledge. Many of the 
programs w 7 ere aimed at the American population, but dozens 
of countries around the planet— including democracies 
typically considered US allies, such as France, Brazil, India, 
and Germany— were also targets of indiscriminate mass 
surveillance. 

Snow 7 den’s archive w r as elegantly organized, but its size 
and complexity^ made it extremely difficult to process. The 
tens of thousands of NSA documents in it had been produced 
by virtually every unit and subdivision within the sprawling 
agency, and it also contained some files from closely aligned 
foreign intelligence agencies. The documents w 7 ere startlingly 
recent: mostly from 2011 and 2012, and many from 2013. 
Some even dated from March and April of that year, just 



months before w 7 e met Snow 7 den in Hong Kong. 

The vast majority 7 of the files in the archive were 
designated “top secret.” Most of those w r ere marked “FVEY,” 
meaning that they were approved for distribution only to the 
NSA’s four closest surveillance allies, the “Five Eyes” English- 
speaking alliance composed of Britain, Canada, Australia, and 
New 7 Zealand. Others w 7 ere meant for US eyes only, marked 
“NGFORN” for “no foreign distribution.” Certain documents, 
such as the FISA court order allowing collection of telephone 
records and Obama’s presidential directive to prepare 
offensive cyber-operations, w 7 ere among the US government’s 
most closely held secrets. 

Deciphering the archive and the NSA’s language involved 
a steep learning curve. The agency communicates with itself 
and its partners in an idiosyncratic language of its own, a 
lingo that is bureaucratic and stilted yet at times boastful and 
even snarky. Most of the documents were also quite 
technical, filled with forbidding acronyms and code names, 
and sometimes required that other documents be read first 
before they could be understood. 

But Snow r den had anticipated the problem, providing 
glossaries of acronyms and program names, as w 7 ell as 
internal agency dictionaries for terms of art. Still, some 
documents w 7 ere impenetrable on the first, second, or even 
third reading. Their significance emerged only after I had put 
together different parts of other papers and consulted with 
some of the world’s foremost experts on surveillance, 
cryptography, hacking, the history of the NSA, and the legal 
framework governing American spying. 

Compounding the difficulty w T as the fact that the 
mountains of documents were often organized not by subject 
but by branch of the agency wTiere they had originated, and 



dramatic revelations were mixed in with large amounts of 
banal or highly technical material. Although the Guardian 
devised a program to search through the files by keyword, 
which was of great help, that program was far from perfect. 
The process of digesting the archive was painstakingly slow, 
and many months after we first received the documents, 
some terms and programs still required further reporting 
before they could be safely and coherently disclosed. 

Despite such problems, though, Snowden's files 
indisputably laid bare a complex web of surveillance aimed at 
Americans (who are explicitly beyond the NSA’s mission) and 
non-Americans alike. The archive revealed the technical 
means used to intercept communications: the NSA’s tapping 
of Internet servers, satellites, underwater fiber-optic cables, 
local and foreign telephone systems, and personal computers. 
It identified individuals targeted for extremely invasive forms 
of spying, a list that ranged from alleged terrorists and 
criminal suspects to the democratically elected leaders of the 
nation's allies and even ordinary American citizens. And it 
shed light on the NSA’s overall strategies and goals. 

Snowden had placed crucial, overarching documents at the 
front of the archive, flagging them as especially important. 
These files disclosed the agency’s extraordinary reach, as well 
as its deceit and even criminality. The BOUNDLESS 
INFORMANT program was one of the first such revelations, 
showing that the NSA counts all the telephone calls and 
emails collected every day from around the world with 
mathematical exactitude. Snowden had placed these files so 
prominently not only because they quantified the volume of 
calls and emails collected and stored by the NSA— literally 
billions each day— but also because they proved that NSA 
chief Keith Alexander and other officials had lied to Congress. 



Repeatedly, NSA officials had claimed that they were 
incapable of providing specific numbers— exactly the data that 
BOUNDLESS INFORMANT was constructed to assemble. 

For the one-month period beginning March 8, 2013, for 
example, a BOUNDLESS INFORMANT slide showed that a 
single unit of the NSA, Global Access Operations, had 
collected data on more than 3 billion telephone calls and 
emails that had passed through the US telecommunications 
system. (“DNR," or “Dialed Number Recognition,’' refers to 
telephone calls; “DNI,” or “Digital Network Intelligence,’' 
refers to Internet-based communications such as emails.) 
That exceeded the collection from the systems each of Russia, 
Mexico, and virtually all the countries in Europe, and was 
roughly equal to the collection of data from China. 

Overall, in just thirty days the unit had collected data on 
more than 97 billion emails and 124 billion phone calls from 
around the world. Another BOUNDLESS INFORMANT 
document detailed the international data collected in a single 
thirty-day period from Germany (500 million), Brazil (2.3 
billion), and India (13.5 billion). And yet other files showed 
collection of metadata in cooperation with the governments 
of France (70 million), Spain (60 million), Italy (47 million), 
the Netherlands (1.8 million), Norway (33 million), and 
Denmark (23 million). 





Despite the NSA’s statutorily defined focus on “foreign 
intelligence,” the documents confirmed that the American 
public was an equally important target for the secret 
surveillance. Nothing made that clearer than the April 25, 
2013, top secret order from the FISA court compelling 
Verizon to turn over to the NSA all information about its 
American customers’ telephone calls, the “telephony 
metadata.” Marked “NOFORN,” the language of the order was 
as clear as it was absolute: 

I I JS HEREBY ORDERED LtiiiC, the CuSbudtAn -id KrcOftJ? :huEE pruduCc 5-;n the 
National fW^ir-tv Agency LNS.-Yi upn n svrvicv 01 Ibis- UnhT. and roniimiq production 
an ongoing daily basis thereafter for lll£ duration of thii Order, unless qEhiaiwL*! 
ordered t?y the Court, m cJcetfcrtic copy uf ih# following tangible tilings .UL call JeMil 
records ar "teluphony Tn^udal.t" f rented liy \ r i'ft/.oi\ for ■r^mmimkaticms [i\ between 
tbe United states^ obroiid; or {Li ^ wholly within ihe L'niled Including local 

idpphoni.' calls. 



Telephony metJcLitq Includes cymprclk'ndvefrimmLmk.ltioriS rouling mAirrnaliqn, 
inf lading hut rn| Fimited lu-MiStfiufl identifying irtfarmalibn mui 

■kmuirLltinfi b:h k phune number,. IntirKulIcvruil Identity {I MSI) number, 

Inlematiofliil Mobile sUUcm EquipmenL Identity {I MEt) lllintbcr 4 rtc.), irunk Identifier 
trfcphOPti 1 calling card northers, and time j»lE duration qf call, 



This bulk telephone collection program was one of the 
most significant discoveries in an archive suffused with all 
types of covert surveillance programs— from the large-scale 
PRISM (involving collection of data directly from the servers 
of the world’s biggest Internet companies) and PROJECT 
BULLRUN, a joint effort between the NSA and its British 
counterpart, the Government Communications Headquarters 
(GCHQ), to defeat the most common forms of encryption 



used to safeguard online transactions, to smaller-scale 
enterprises with names that reflect the contemptuous and 
boastful spirit of supremacy behind them: EGOTISTICAL 
GIRAFFE, which targets the Tor browser that is meant to 
enable anonymity in online browsing; MUSCULAR, a means 
to invade the private networks of Google and Yahoo!; and 
OLYMPIA, Canada’s program to surveil the Brazilian Ministry 
of Mines and Energy. 

Some of the surveillance was ostensibly devoted to 
terrorism suspects. But great quantities of the programs 
manifestly had nothing to do with national security'. The 
documents left no doubt that the NSA was equally involved in 
economic espionage, diplomatic spying, and suspicionless 
surveillance aimed at entire populations. 

Taken in its entirety, the Snowden archive led to an 
ultimately simple conclusion: the US government had built a 
system that has as its goal the complete elimination of 
electronic privacy worldwide. Far from hyperbole, that is the 
literal, explicitly stated aim of the surveillance state: to 
collect, store, monitor, and analyze all electronic 
communication by all people around the globe. The agency is 
devoted to one overarching mission: to prevent the slightest 
piece of electronic communication from evading its systemic 
grasp. 

This self-imposed mandate requires endlessly expanding 
the NSA’s reach. Every day, the NSA works to identify 
electronic communications that are not being collected and 
stored and then develops new technologies and methods to 
rectify the deficiency. The agency regards itself as needing no 
specific justification to collect any particular electronic 
communication, nor any grounds for regarding its targets 
with suspicion. What the NSA calls “SIGINT”— all signals 



intelligence— is its target. And the mere fact that it has the 
capability to collect those communications has become one 
rationale for doing so. 



ft ft ft 

A military branch of the Pentagon, the NS A is the largest 
intelligence agency in the world, with the majority of its 
surveillance work conducted through the Five Eyes alliance. 
Until the spring of 2014, when controversy over the Snowden 
stories became increasingly intense, the agency was headed 
by four-star general Keith B. Alexander, who had overseen it 
for the previous nine years, aggressively increasing the NSA's 
size and influence during his tenure. In the process, 
Alexander became what reporter James Bamford described as 
"the most powerful intelligence chief in the nation's history.” 
The NSA "was already a data behemoth when Alexander 
took over,” Foreign Policy reporter Shane Harris noted, "but 
under his watch, the breadth, scale, and ambition of its 
mission have expanded beyond anything ever contemplated 
by his predecessors.” Never before had "one agency of the 
U.S. government had the capacity, as well as the legal 
authority, to collect and store so much electronic 
information.” A former administration official who worked 
with the NSA chief told Harris that "Alexander’s strategy” was 
clear: "I need to get all of the data.” And, Harris added, "He 
wants to hang on to it for as long as he can.” 

Alexander’s personal motto, "Collect it all,” perfectly 
conveys the central purpose of the NSA. He first put this 
philosophy into practice in 2005 while collecting signals 
intelligence relating to the occupation of Iraq. As the 
Washington Post reported in 2013, Alexander grew 
dissatisfied with the limited focus of American military 



intelligence, which targeted only suspected insurgents and 
other threats to US forces, an approach that the newly 
appointed NSA chief viewed as too constraining. “He wanted 
everything: Every Iraqi text message, phone call, and e-mail 
that could be vacuumed up by the agency’s powerful 
computers.” So the government deployed technological 
methods indiscriminately to collect all communications data 
from the entire Iraqi population. 

Alexander then conceived of applying this system of 
ubiquitous surveillance— originally created for a foreign 
population in an active war zone— to American citizens. "And, 
as he did in Iraq, Alexander has pushed hard for everything 
he can get,” the Post reported: "tools, resources, and the legal 
authority to collect and store vast quantities of raw 
information on American and foreign communi cations.” 
Thus, "in his eight years at the helm of the country’s 
electronic surveillance agency, Alexander, 61, has quietly 
presided over a revolution in the government’s ability to 
scoop up information in the name of national security.” 

Alexander’s reputation as a surveillance extremist is well 
documented. In describing his "all-out, barely legal drive to 
build the ultimate spy machine,” Foreign Policy called him 
"the cowboy of the NSA.” Even Bush-era CIA and NSA chief 
General Michael Hayden— who himself oversaw the 
implementation of Bush’s illegal warrantless eavesdropping 
program and is notorious for his aggressive militarism— often 
had "heartburn” over Alexander’s no -holds -barred approach, 
according to Foreign Policy. A former intelligence official 
characterized Alexander’s view: “Let’s not worry about the 
law. Let’s just figure out how to get the job done.” The Post 
similarly noted that “even his defenders say Alexander’s 
aggressiveness has sometimes taken him to the outer edge of 



his legal authority.” 

Although some of the more extreme statements from 
Alexander— such as his blunt question “Why can’t we collect 
all the signals, all the time?,” which he reportedly asked 
during a 2008 visit to Britain’s GCHQ— have been dismissed 
by agency spokespeople as mere lighthearted quips taken out 
of context, the agency’s own documents demonstrate that 
Alexander was not joking. A top secret presentation to the 
2011 annual conference of the Five Eves alliance, for 
instance, shows that the NSA has explicitly embraced 
Alexander’s motto of omniscience as its core purpose: 




A 2010 document presented to the Five Eves conference by 
the GCHQ— referring to its ongoing program to intercept 
satellite communications, code-named TARMAC— makes it 
clear that the British spy agency also uses this phrase to 
describe its mission: 



W !iiC0^T,4fltL -tti UlA twr 



Why TARMAC? 



MHS hag. a grav/incf FORMS AT mission, 

- SKAREOVIStON mission. 

- SigOgv (-Difficult Serials co1locti&n‘). 

■ . - ASPHAUTTcollfiCi It All " prpor-o^onttipt system], j 






Even routine internal NSA memoranda invoke the slogan to 
justify expanding the agency’s capabilities. One 2009 memo 
from the technical director of the NSA’s Mission Operations, 
for example, touts recent improvements to the agency’s 
collection site in Misawa, Japan: 

Future Finns (U) 

(T&NSl//KtiL) In the fnlure, MSOC hopes 10 expand the number of WORlXjOFTlIiH platforms to 
enable lEcnKduSitlitirt of tiiousanJs of additional low-nilc t&merl 

Thc^ 

target* me ideally suited for software demodulation. Addil iynrttly H MSOC ha* developed a 
capability 10 automatically sum and denindulaic ns they active cm ihc saidtiici. Thflrc arc 

Li multitude of possibilities, blinking our enterprise one *tcp c\mtr to "cullecllug h llEI." 



Far from being a frivolous quip, “collect it all” defines the 
NSA’s aspiration, and it is a goal the NSA is increasingly 
closer to reaching. The quantity of telephone calls, emails, 
online chats, online activities, and telephonic metadata 
collected by the agency is staggering. Indeed, the NSA 
frequently, as one 2012 document put it, “collects far more 
content than is routinely useful to analysts.” As of mid-2012, 
the agency was processing more than twenty billion 
communications events (both Internet and telephone) from 
around the world each day : 




ir*KN i iMihi iij \k.iv>h 



Example of Current Volumes and Limits 




<■ r«l! 
MriiDM 
I tetortiY 

on PtiMa 
□ r.-rfjl K^Ofdi 
Trjr'i^- , n«J 
toMABNA 

DFt£<epfdk hi 

m MW 

ftKUp« 

■ T-*jt DJt-H 

by 

PA^lA 



5 

Ill'll i I r I I ■ ■*•-.■. I II I Ell I. L-. f\l P 



For each individual country, the NSA also produces a daily 
breakdown quantifying the number of calls and emails 
collected. The chart below, for Poland, shows more than three 
million telephone calls on some days, for a thirty-day total of 
seventy-one million: 



K B- a- 




The domestic total collected by the NSA is equally 
stunning. Even prior to Snowden’s revelations, the 
Washington Post reported in 2010 that “every day, collection 



systems at the National Security Agency intercept and store 
1.7 billion emails, phone calls, and other types of 
communications” from Americans. William Binnev, a 
mathematician who worked for the NSA for three decades and 
resigned in the wake of 9/11 in protest over the agency’s 
increasing domestic focus, has likewise made numerous 
statements about the quantities of US data collected. In a 
2012 interview with Democracy Now!, Binney said that 
“they’ve assembled on the order of 20 trillion transactions 
about U.S. citizens with other U.S. citizens.” 

After Snowden’s revelations, the Wall Street Journal 
reported that the overall interception system of the NSA “has 
the capacity to reach roughly 75% of all U.S. Internet traffic in 
the hunt for foreign intelligence, including a wide array of 
communications by foreigners and Americans.” Speaking 
anonymously, current and former NSA officials told the 
Journal that in some cases the NSA “retains the written 
content of emails sent between citizens within the U.S. and 
also filters domestic phone calls made with Internet 
technology. 11 

Britain’s GCHQ similarly collects such a great quantity of 
communications data that it can barely store what it has. As 
one 2011 document prepared by the British put it: 



Knowing what we have - Guiding Light 

■ GCHQ has massive access to international 
internet communications 

■ We receive upwards of 50 Billion events per day 
{...and growing) 



So fixated is the NSA on collecting it all that the Snow r den 







archive is sprinkled with celebratory internal memos 
heralding particular collection milestones. This December 
2012 entry from an internal messaging board, for instance, 
proudly proclaims that the SHELLTRUMPET program has 
processed its one trillionth record: 



(S//SI//REL TO USA, FVEYi SSfiUTfttKPET PtfKtUEl it*" i Ore TrilUontb 
Rpcaril! 

% [ r,f W pn fl739 



I5//5I//REL 70 t^A, FYEY? On D t£M3*r 21, 2211 SHElLTUuHPEI pWftUr d 11 ^ 
ftfir TV 1 1 U&n r n aO.H -1 record, VHetUfiL^PU brgjn * M^r-rtaVu^ 

anal yief on Ek;t a, for o CL ASM t oflUccl;on vy*u*«* In Ui 

five Mvtarf, nifStreirS oif-ef 1Y«* across the Agency h-ivcr c<yic- 

ID Lr.r 5HELlTWPET-« OtmiltliCt f*f Cfr fgrtJnc* *OAiT*f Hifl, 

dLrrtl 1-K.Tll I :p ifcprtirt*, T^FHC^Iff ltJfl;rq p jnU fctWUsc fiHryi Sfl I'm \ 
valewo4 £-ftTA6> filtering mn 4 ingest , Thcugn il took rave ycjr-i to got to 
ihe -line t-rJUlpn rJi-h, ilwil hall ef ihii valuvt was Broee&^eit in ini* 
HUntf-ir jrtaf. and half of Ihat yd1u*t uai tr&i £S9't PHHEWCW^S. 
S>iftLTfltHp£T cyrrfJii'l^ process Ihfl SlUton c*U even|5/ii^ iron 
select 550 (Rs-s-tf, OAKSnitj OT5TTC .intf HC5C teamed SyStC^U KU5KFTEEN , 
.rid Second van? We Mill te tapafi-tfinij icti re-a<h stco miier S5Q 

tV5tc-"ii over the tou^c of 3813^ Tee Trill IDti i-etar-s^ groCcnsetf have 
fe lulled in eve* 35 Killian up* to TWUFFltTKfEF. 



* -3- -St 



To collect such vast quantities of communications, the NSA 
relies on a multitude of methods. These include tapping 
directly into fiber-optic lines (including underwater cables) 
used to transmit international communications; redirecting 
messages into NSA repositories when they traverse the US 
system, as most worldwide communications do; and 
cooperating with the intelligence sendees in other countries. 
With increasing frequency, the agency also relies on Internet 
companies and telecoms, which indispensably pass on 
information they have collected about their own customers. 

While the NSA is officially a public agency, it has countless 
overlapping partnerships with private sector corp orations, 
and many of its core functions have been outsourced. The 
NSA itself employs roughly thirty thousand people, but the 
agency also has contracts for some sixty thousand employees 
of private corporations, who often provide essential services. 
Snowden himself was actually employed not by the NSA but 



by the Dell Corporation and the large defense contractor Booz 
Allen Hamilton. Still, he, like many other private contractors, 
worked in the NSA offices, on its core functions, with access 
to its secrets. 

According to Tim Shorrock, who has long chronicled the 
NSA-corporate relationship, “70 percent of our national 
intelligence budget is being spent on the private sector.” 
When Michael Hayden said that ‘'the largest concentration of 
cyber power on the planet is the intersection of the Baltimore 
Parkway and Maryland Route 32,” Shorrock noted, "he was 
referring not to the NSA itself but to the business park about 
a mile down the road from the giant black edifice that houses 
NSA’s headquarters in Fort Meade, Md. There, all of NSA’s 
major contractors, from Booz to SAIC to Northrop Grumman, 
cariy out their surveillance and intelligence work for the 
agency.” 

These corporate partnerships extend beyond intelligence 
and defense contractors to include the world’s largest and 
most important Internet corporations and telecoms, precisely 
those companies that handle the bulk of the world’s 
communications and can facilitate access to private 
exchanges. After describing the agency’s missions of "Defense 
(Protect U.S. Telecommunications and Computer Systems 
Against Exploitation)” and "Offense (Intercept and Exploit 
Foreign Signals),” one top secret NSA document enumerates 
some of the services supplied by such corporations: 




NSA Strategic Partnerships 



iftaw 



AT&T 
EOS 

, 

CISCO 

Qualcomm 

Oracle 
IBM 




Alliances with over 80 Major Global Corporations 
Supporting both Missions 

Gwest 

* Telecommunications & 

Network Service providers 

* Network Infrastructure 

* Hardware Platforms 
Desktops/Senrers 

* Operating Systems 
Applications Software 

Security Hardware a Software Microsoft . r /j 

System Integrators Verizon 





H)P Kr-UnJJCQMLHTUXa 



These corporate partnerships, which provide the systems and 
the access on which the NSA depends, are managed by the 
NSA’s highly secret Special Sources Operations unit, the 
division that oversees corporate partnerships. Snowden 
described the SSO as the “crown jewel” of the organization. 

BLARNEY, FAIRVIEW, OAKSTAR, and STORM BREW are 
some of the programs overseen by the SSO within its 
Corporate Partner Access (CPA) portfolio. 




As pail of these programs, the NSA exploits the access that 



certain telecom companies have to international systems, 
having entered into contracts with foreign telecoms to build, 
maintain, and upgrade their networks. The US companies 
then redirect the target country’s communications data to 
NSA repositories. 

The core purpose of BLARNEY is depicted in one NSA 
briefing: 



n#«rm i ■■ mi i - 

Refetionsfrtos & Authorities 

* Leverage unique key corporate partnerships to gain access lo 
hi gn-ca parity international fiber-optic cables, switches anttfor 
routers throughout the world 





BLARNEY relied on one relationship in particular— a long- 
standing partnership with AT&T Inc., according to the Wall 
Street Journal’s reporting on the program. According to the 
NSA’s own files, in 2010 the list of countries targeted by 
BLARNEY included Brazil, France, Germany, Greece, Israel, 
Italy, Japan, Mexico, South Korea, and Venezuela, as well as 
the European Union and the United Nations. 

FAIRVIEW, another SSO program, also collects what the 
NSA touts as “massive amounts of data” from around the 
world. And it, too, relies mostly on a single “corporate 
partner” and, in particular, that partner’s access to the 
telecommunications systems of foreign nations. The NSA’s 
internal summary of FAIRVIEW is simple and clear: 





Unique Aspects 

Access to massive amounts of data 
Controlled by variety of legal authorities 
Most accesses are controlled by partner 



US-990 FAIRVIB/V 

[TStfSI} US-990 (PDDG-UY) - key corporate partner with 
access to international cables, routers, and switches. 

(TStfSI) Key Targets: Global 







According to NSA documents, FAIRVIEW “is typically in the 
top five at NSA as a collection source for serialized 
production’ — meaning ongoing surveillance— “and one of the 
largest providers of metadata," Its overwhelming reliance on 
one telecom is demonstrated by its claim that “approximately 
75% of reporting is single source, reflecting the unique access 
the program enjoys to a wide variety of target 
communications.” Though the telecom is not identified, one 
description of the FAIRVIEW partner makes clear its 
eagerness to cooperate: 



FAIRVIEW - Corp partner since 1385 with access to int. cables, routers, 
switches- The partner operates in the u.S., but has access to information 
that transits the nation and through its corporate relationships provide 
unique accesses to other telecoms and ISPs. Aggressively involved in 
shaping traffic to run signals of interest past our inonitors. 



Thanks to such cooperation, the FAIRVIEW program 
collects vast quantities of information about telephone calls. 



One chart, which covers the thirty-day period beginning 
December 10, 2012, shows that just this program alone was 
responsible for the collection of some two hundred million 
records each day that month, for a thirty-day total of more 
than six billion records. The light bars are collections of 
“DNR” (telephone calls), while the dark bars are “DNI” 
(Internet activity): 




To collect these billions of phone records, the SSO 
collaborates w r ith the NSA’s corporate partners as w T ell as with 
foreign government agencies— for instance, the Polish 
intelligence sendee: 



(KS/StANF) OfWWtCftlRfU part of the QAKMA* progm uadcf SS0 r 5 
corjrar.il* pnrtteLi^ ttqaii fni-rfiirdlnq re-tiida Eg, frCm u llilrd purEy 
'■Lie (Pfllflnill fO MSA rcpoilldrkk 45 flf i KorcJi and tonlifnE iiv 0? K&rch, 
This prograi Is a callukraratlte tflsrs beX*<?.CM ZVj, Ntid, Elt, m Nlfi 

tmparwt Partner ,1 division a* t At Polish* Goveri»eat* Ofi/iM&ECRLiSrf 14 
Silly knimn to (Kc as stiff ALMflEtW, Thl* =yU 1 -group p^rfntrsfijp 

Cwflon In -*1ay -ms will intofoarntf the QAriS'Tnft project of 
ana rn WJB o^biUty- Ill* fitv act* &4 will provide SbltlNT trors COiftrofiiaL 

Uhfc-i --Jiiagud by ;he hSA Orpanur Partner and t4 gnUCipaceri Cb metofe 
Altfnr, Kfit Anay r ttiddLr tos-l. t IniteO Afr Han &nf nt , find rppeara 

cos-nymcaUora. A notification ?ias teen pasted to dPRirffiRAT and tM* 
collettian t\. jv^j libit eq Second Pariiei via TICKElVietfKfif. 



The OAKSTAR program similarly exploits the access that 
one of the NSA’s corporate partners (code-named 
STEELKNIGHT) has to foreign telecommunications systems, 
using that access to redirect data into the NSA’s own 
repositories. Another partner, code-named SILVERZEPHYR, 
appears in a November 11, 2009, document describing work 




done with the company to obtain “internal communications” 
from both Brazil and Colombia: 



SlLVEftHPHYft FAA ONI Access Initiated at N5AW (TS//SI//NF) 
By I xtivi 1 1 .mc : i •> j o-n 2009-11-G6 091B 



(TS//SI//NF) On Thursday, 11/5/89, the 5S0-0AK5TAR 
5ILVERZEPHYR tSZl access began -forwarding FAA DNI records 
to NS AW via the FAA WealthyClusterZ/TeLlurian system 
installed at the partner's site. 550 coordinated with the 
Data Flow Office and forwarded numerous sample f iLcs to a 
test partition for validation, which was completely 
successful, 5S0 will continue to monitor the flow and 
collection to ensure a ny anomalies are identified and 
corrected as required. SILVERZEPHYH will continue to 
provide customers with authorized, transit DNR collection, 
SSO is working with the partner to gain access to an 
additional SQGbs of DNI data on their peering network, 
bundled in 10 GbS increments. The OAKSTAR team, along With 
support from N5AT ano GNDA, just cohipleted a 12 day SIGINT 
survey at site, which identified over 200' new Links, During 
the survey, GNDA worked with the partner to test the output 
of their ACS system. QAKSTAR is also working with tiSAT to 
examine snapshots taken by the partner in Brazil and 
Colombia, both of which may contain internal communications 
for those countries. 



Meanwhile, the STORMBREW program, conducted in 
“close partnership with the FBI,” gives the NSA access to 
Internet and telephone traffic that enters the United States at 
various “choke points” on US soil. It exploits the fact that the 
vast majority of the world's Internet traffic at some point 
flows through the US communications infrastructure— a 
residual by-product of the central role that the United States 
had played in developing the network. Some of these 
designated choke points are identified by cover names: 





BKKCKKMtlDGK 



KILLING i*)N 



TOPPERMOI 
MAVERICK i 



SHKVAll.KV 



wms 



Seven Access Sites - International “ Choke Points ” 



■\i 

* L3S]-E5N1U™--i i i^ 

* IkvmrJiC iisfr-i'erkHLUJr «ih 

■ Cahk ,Statkia t?iwicri <TP 

BhUum) 

1 Cltm- i^ainet^hip moTO! ft. NCSC 

-* - 



n>r mwiix ■ cuuim jawnutvM *!>■ 



According to the NSA, STORMBREW “is currently 
comprised of very sensitive relationships with two U.S. 
telecom providers (cover terms ARTIFICE and 
WOLFPOINT).” Beyond its access to US-based choke points, 
“the STORMBREW program also manages two submarine 
cable landing access sites; one on the USA west coast (cover 
term, BRECKENRIDGE), and the other on the USA east coast 
(cover term QUAIL-CREEK).” 

As the profusion of cover names attests, the identity of its 
corporate partners is one of the most closely guarded secrets 
in the NSA. The documents containing the key to those code 
names are vigilantly safeguarded by the agency and Snowden 
was unable to obtain many of them. Nonetheless, his 
revelations did unmask some of the companies cooperating 
with the NSA. Most famously, his archive included the PRISM 
documents, which detailed secret agreements between the 
NSA and the world's largest Internet companies— Facebo ok, 
Yahoo!, Apple, Google— as well as extensive efforts by 



Microsoft to provide the agency with access to its 
communications platforms such as Outlook. 

Unlike BLARNEY, FAIRVIEW, OAKSTAR, and 
STORMBREW, which entail tapping into fiber-optic cables 
and other forms of infrastructure (“upstream” surveillance, in 
NSA parlance), PRISM allows the NSA to collect data directly 
from the servers of nine of the biggest Internet companies: 




You 
Should 
Use Both 



PRISM 



Cm. lit 






livEJ 

K?L - ■ mpi A 



I ' SI V I FAA 702 Operations 

Twfr I'yjN'# of Catteciion 

Upstream 

■ Celhjcim rfcommunicflEtan* on fiber eebtas 
end iftfras&irduiB ns data Rowe past 
iKAJfttfEW.SlQftMflftEW, BlARN&Y, QM£T 

^r- 



■ OglkatfjQn rnjm lbs ^rver^ ol Ihesa U,5 

Sanflw Pmvktore: MJcroaolL Vatm Grag*o 
. Pilling. AOL. SkyJW, YOiiTuCM 

-v Aft** * : 






The companies listed on the PRISM slide denied allowing 
the NSA unlimited access to their servers. Facebook and 
Google, for instance, claimed that they only give the NSA 
information for which the agency has a warrant, and tried to 
depict PRISM as little more than a trivial technical detail: a 
slightly upgraded delivery system whereby the NSA receives 
data in a ‘lockbox" that the companies are legally compelled 
to provide. 

But their argument is belied by numerous points. For one, 
we know that Yahoo! vigorously fought in court against the 
NSA’s efforts to force it to join PRISM— an unlikely effort if 
the program were simply a trivial change to a delivery 7 system. 
(Yahoo !’s claims were rejected by the FISA court, and the 



company w r as ordered to participate in PRISM.) Second, the 
Washington Post ’ s Bart Gellman, after receiving heavy 
criticism for “overstating” the impact of PRISM, 
reinvestigated the program and confirmed that he stood by 
the Post's central claim: “From their workstations anywhere 
in the world, government employees cleared for PRISM 
access may ‘task' the system”— that is, run a search— “and 
receive results from an Internet company without further 
interaction with the company’s staff.” 

Third, the Internet companies’ denials were phrased in 
evasive and legalistic fashion, often obfuscating more than 
clarifying. For instance, Facebook claimed not to provide 
“direct access,” w 7 hile Google denied having created a “back 
door” for the NSA. But as Chris Soghoian, the ACLU’s tech 
expert, told Foreign Policy, these w r ere highly technical terms 
of ail denoting very specific means to get at information. The 
companies ultimately did not deny that they had w T orked with 
the NSA to set up a system through which the agency could 
directly access their customers’ data. 

Finally, the NSA itself has repeatedly hailed PRISM for its 
unique collection capabilities and noted that the program has 
been vital for increasing surveillance. One NSA slide details 
PRISM’s special surveillance pow T ers: 



If# U* Kl.r Si VUSC-Wt 

i. jM .'il 




ClO ^lt' , ’ r 

Yahoo? ^ '■ "‘ -' 4. 



'to. [3 

m>l| 



FAA702 Operations 

l¥hy Use Both- PRfSM vx r Upsirctim 





PRISM 




DM Sfltttw) 


0U3.bfscdwrvict 
\Z‘ pfUl'idUTS 




EJNR SetreEon* 


0CDfnjn£i4« 




Avenb^ to JiiQtcd 
CmirtuiinfiOfis 
(Sic^pc-hl 


>/ 


G 


KmP-TIirc <ro]£Klinp 
(Suivcilliuice) 


s/ 


F2 


^AbouiV 1 Cdllrerion 


0 




Vmtx E.'nllLMtkHi 


\/ Vuicc over H h 


n/ 


DLivcl RelaflwDsliijvwilh 
Ctmraii PfiwiskH 


shnwKlt i'yi 


✓ 




(Jpttpeim 

Wbrfd*Mo 

sOium 

Worldwide 1 

scuwxts 






Another details the wide range of communications that 
PRISM enables the NSA to access: 



IWWl'W T- *HM(WAWM> 




runen! Provider* 



Yahoo? 



Gt>l gfc 






PRISM Collection Details 




W*si ttiH Vfi-ju Receive in CallttiioA 

(SufvciEliiitoit anil Stored Cftflmfj? 
[i wic# by pravHfcr. Ti genera!; 







- h'-llHil 


- (llotiiHil h rtc.] 




1 Cbil v\fkv. H?jc< 


- tFWglf 




■ Vk £hh 


* VaPKH?; 




p 

■ S^cuml diil- 


* FLU’CtKWk 




v Vflir 


- PilTnlfc 




■ File nwufrtc. 


* YffliTils 




■ Vkfi-CiCfflifenrjKiTig 


• Stypr 






* Afll. 




■ Online Scciil 'NciwitfSung'ffclaihi 


■ Afltle 




- RcqutiU 






C«np!^r hit jjmJ dcljlii !>n i'KES-M ‘i\zb pjtfc 

(hh PRIjLMFAA ni_rsi_*!M:T M * 



And another NSA slide details how the PRISM program has 
steadily and substantially increased the agency’s collection: 



Hff sht'Rti shoftPOK ■flo ima 

GH il 




r ’„ Hotmail ij[ L ’ fan 

xXflOOj ck 



Unique Selectors Tasked to 
PRISM (US-984XN) in FY2012 



All Providers 



. ■ I. 






I I 




> Over 45,000 Selector* on 
Ttulttit End of FYI 2 



/ / / 



Strong Growth In FV12 Tasking:: 

> Skyf^ iip i**% 

> F*ceboo& wp 1311S. 

> Sooij It up G3% 

Lbhbk 

///////// 




WSICHiTl SV'IHK.W'MH'tlftN 



On its internal messaging boards, the Special Source 
Operation division frequently hails the massive collection 
value PRISM has provided. One message, from November 19, 
2012, is entitled “PRISM Expands Impact: FY12 Metrics”: 



(TV/SI//HF] Pftltt* (US-334fcNl frj(0OrHl*d iC- ldp^f Ml U5A'\ ftpbflU 15 
ni^lpn irt TV]? thro^b JnCrcwfl liking, tglLcrllgn and W+llOiU'l 
imptQvctmnii. no re arV -s™ Fi.Hy?Uj.flhC* IFir m? progiaa: 

FfliSii is tkf: sn&t eltrB collection source sn h&a U1 Party iriflHiroduCt 
re^rTing. Sara- US* produci report-; wttt hiced on PftlSH shaft or* any at her 
tfa a!,l qP USA 1 * IjE Party rafting 4*ir kft$ FY1S: Cited 1* 

*U rc**fU El^P fr*T Hk Hi mil, v«* <Urt in IJ.fl* dT -11 

1st. ?rn), j-rg Party -NS* reporting top fro* ll-O 1 * U FTUJ.. «ng 1* *Ho 
t*t* tup cited SKJ4J 1 ovtriU 

- be’ r 41 PAZ'Srt-bbtftd Phd-p'rodLLt repot 1 % Liiuc-d in FY 12 S ■. r> 

*Tb Jr*r, mi 

Sl^lt-ipufc* repdrilrtp pprCtntflgs: In FyIJ fl n8 JU1: 

frrgGuvt repgi-ii dej-i^d Prpa Pfct M «UeU i^. cittd m 
iotorcc^ ip erticlbs in itiff PrtoildtPl'i CUily BJ-iff in 1„J|7 Ufa 

III £1€1NT teQtot ti fit Pd i-, i&lifCti in i'iMJ artlClt^, - Mghfrit ling l * SICAD 

foi- nM; in mis liiJ? r/A *f dU si«ut rwru ^ Hiirm jp R&a 

article-. - Hl 9 hM!.t Single *dr ^ I 

itetr.fpt-s qT JnfflrrpCign cgnlriUvteif to m FT 1 J : 
J.lHS ut all E£i\ for 4iU Inform! ion Necfl>3; ftEs aetfre^atd 

By PR!SS 

Ttr niL’shff or E^ked itlttiat* re**: 12b ih FVI2 fft ai 

d« sepi m 2 

OrpiiE &U-CC7H tii &kypto Co'S lee t iflfi jn o praium ng: gjilq^, vfilue 

targets ic-oyired 

Izjcpanrfcd PSISH i4skabl# t- , viii do^ins tre'f anty 4fl, to 77.^53 



Such congratulatorv 7 proclamations do not support the notion 
of PRISM as only a trivial technicality 7 , and they give the lie to 
Silicon Valley’s denials of cooperation. Indeed, the New York 
Times, reporting on the PRISM program after Snowden’s 






revelations, described a slew of secret negotiations between 
the NSA and Silicon Valiev about providing the agency with 
unfettered access to the companies’ systems. “When 
government officials came to Silicon Valley to demand easier 
ways for the world’s largest Internet companies to turn over 
user data as part of a secret surveillance program, the 
companies bristled,” reported the Times. “In the end, though, 
many cooperated at least a bit.” In particular: 

Twitter declined to make it easier for the government. But other 
companies were more compliant,, according to people briefed on 
the negotiations. They opened discussions with national security 
officials about developing technical methods to more efficiently 
and securely share the personal data of foreign users in response to 
lawful government requests. And in some cases, they changed their 
computer systems to do so. 

These negotiations, the New York Times said, “illustrate 
how intricately the government and tech companies work 
together, and the depth of their behind-the-scenes 
transactions.” The article also contested the companies’ 
claims that they provide the NSA only with access that is 
legally compelled, noting: “While handing over data in 
response to a legitimate FISA request is a legal requirement, 
making it easier for the government to get the information is 
not, which is why Twitter could decline to do so.” 

The Internet companies’ claim that they hand over to the 
NSA just the information that they are legally required to 
provide is also not particularly meaningful. That’s because 
the NSA only needs to obtain an individual warrant when it 
wants to specifically target a US person. No such special 
permission is required for the agency to obtain the 
communications data of any non-American on foreign soil, 



even when that person is communicating with Americans. 
Similarly, there is no check or limit on the NSA’s bulk 
collection of metadata, thanks to the govemmenfs 
interpretation of the Patriot Act— an interpretation so broad 
that even the law’s original authors were shocked to learn 
how it was being used. 

The close collaboration between the NSA and private 
corporations is perhaps best seen in the documents relating 
to Microsoft, which reveal the company’s vigorous efforts to 
give the NSA access to several of its most used online 
services, including SkyDrive, Skype, and Outlook.com . 

SkyDrive, which allows people to store their files online 
and access them from various devices, has more than 250 
million users worldwide. “We believe it’s important that you 
have control over who can and cannot access your personal 
data in the cloud,” Microsoft’s SkyDrive website proclaims. 
Yet as an NSA document details, Microsoft spent “many 
months” working to provide the government with easier 
access to that data: 



{TS/tU/MF) iSO rtXGHLlGHT' - flic rdf gti Strive Co l Sect kc-n- ^ Pint of 
PRISH Standard Stored G”"'u meat ions Col Loci Ian 



bjt j NAjUE^EMCtE? on iftsa-ea-aa 



iT5//ST//HFJ on 7 March 2033, PAISN no* wUHti KftcrouFt 

Skydrive data m nart of PflASK's standard S In red Co-^uulcotigni collect lo* 
p.lCkagc r Jj UuAed FCSA Act SCCllOfi 7B? fFAA7Q23 S? UtlOr, 

Tru-s -wans tfcat analysts will na longer [nave t& a su-L-cial request lo 
SS0 ior - a 0roe£%5. f-Ttp- thJI -.1/ tw\ friiv£ fcngwn aboitl- 

Tnls n&- capotuLily will resull in a m -uzW r-erc complete and licety 
COlUdlon ft JJHJW tro - 1 Tar our Entufflfite Ttiu succotl i* 

the result oF Uie FBI warning Tor eany earu-Hi mth Mieroxafr ta get this 
lasting jro collection solution eilabllstird. ■SkyOrlYe fcs a cloud icnricv 
ttvai allows users la store rm-d access tr-eir files on a variety oi devices. 
The utility oUn Include Fit* *t& #pp Mipp^rt for Hlcrdifftfl Office 
ero^ ra»s, so Hit uxer 5 s able create, udii, a^d Yiew W-ord, PowerPoint, 
ffxcel files vilhfliil having Office octi/ally ms-talled uri inelr device. H 
Hdvirce; 5314 wmJ 



In late 2011, Microsoft purchased Skype, the Internet- 
based telephone and chat sendee with over 663 million 
registered users. At the time of its purchase, Microsoft 



assured users that “Skype is committed to respecting your 
privacy and the confidentiality of your personal data, traffic, 
and communications content.” But in fact, this data, too, was 
readily available to the government. By early 2013, there were 
multiple messages on the NSA system celebrating the 
agency’s steadily improving access to the communications of 
Skype users: 



iT5/^I//NFi fie- SXyjM! Srereo tiros Capability For swish 
ap [ an 20 IJ- 01 -B 3 BB 3 I 



ET 5 //SI//NFJ PftlSH nai 0 mrw COlltetlOO eapJ&lllTy z 

wm^n-icot inns. Skype store* co^L'nicotign? wilt contain wiqvt ti*tc w^icn 
^ Opt PolU-tts* virt rtpraal icil-U-* turfy* tlUrtq* C 0 U*<tACKi r SSfi riagcC;-, 
t& receive frjssy mts. credit inf®, c*U doto records., user fl-scdunt 
Sntg, ana Older r a E e* i-j 1 . 0 * 29 H * rt * ^iS. fflrvarOed PHirOx Lately ifl-AO 

^kype selector; for fiorea co* -unseat ion: 10 U-c od|*idseatea i* SV-El and ire 
Electronic (vuiwiciUcns Surveillance lin-i t l£<Sui nt FAS". &V-ei red bee-i 

!^>rkinj gn edJU^KfiUgn f*r th.e highest jiripiAly -fleeter- ghejid af tJ^e *nd 
nij vtaut Sfii regoy Tor EC'SU to evaluate, It could take Le-jerei n*eX; far 
$V41 10 thfojgh flU 2 fldi 5 pelrdgrL Ig gel EhC- opprgvrt, ar-d K 5 U 'hjLI 

likely take lender e* gran: :ne approvals. Ai of 2 April, ESCU nod apjsroveo 
over 19 selectors *0 be '-fRif t* Shypo for collection. Kush Skyer collet Lion 
nns (ftrvuf g^t IV vital nEcbf in JiO* re&orlinQ in less than tW ycorg with 
terrori^, Syn&n gpfriiitiOn mva rtftue, aaa cjcic/^jieeirtl reports 

peina xde m? topics, ever- 2 Bee I’e&c-rts reve Seen' issued ;inpt tjirll 2 -G 11 
P 0 i *0 On PRISM Skype wJTin Of t&*Jl Mlufl Circle ',Ouf<e, 



m/Jitf/H F) EJCfMJidS PRi&H Slcype Tatgelirg c ppm lily 
By f ^AWEfiEEACEED 1 PH 1 ft ?9 



iTSy/SW/NFJ on IS Koreh JGU r 550's /‘SIS* prpqr,iT deg, in. liking oU 
Hieroifift PSUSH seleelori to Skype because Skyiw aLlo-n* user* to log sn 
using Ji<egyn; idm E i f n- r* yn JpcMtmn Ed ^-hypt ^ertl^CJn Until new, P*l*H 
wggli? ngt qgUTCl any ^Vype dot-i udgji .1 gj-r loqgeif in tf 3 mg pTiy(hiing otd^r 

tAon tut iKypt yierno--t which resulted in nisiinfl collectlonE thu octioo 
ytll th,Yt. It f^ct. ■> gttr can Ci-cotg a ^nyde ocep^t uSitg ,iriy 

e-r.isl Jddfgiv Wild iiny UC-r-iin %fl Tkff lrdfld- VTT dug% npE £gtfpdUy gllOw 
analysts to folk theit n&p-“H: ere soft e-saii addrcssoi to J*R!5fl P however, 

£■53 imcrifli co fi¥ thiH tnii lurw, In thi- egoanpt, KSA. FBI 01 mi Ogpi □« 
Jujtici- eotrdiriftiad tMer th^ trt'jt iix renih-i to gila Approval tor MEfjTA'JfiA 
to sentf aSt current ond future Humsgi t FftlS^ selector-, to Skyee, ihi .3 
rasuttgo in oboui gfJCI! ^elaccor-f oesng sen; e« skype jivJ ^urcas-sfirl 
cgUecUan nn\ t+rfi rg<nvrd wftlth otiigniiL^r u'uiila n^vc t>cpn 



Not only was all this collaboration conducted with no 
transparency, but it contradicted public statements made by 
Skype. ACLU technology expert Chris Soghoian said the 
revelations would surprise many Skype customers. “In the 
past, Skype made affirmative promises to users about their 
inability to perform wiretaps,” he said. “It’s hard to square 
Microsoft’s secret collaboration with the NSA with its high- 



profile efforts to compete on privacy with Google." 

In 2012, Microsoft began upgrading its email portal, 
Outlook.com . to merge all of its communications services— 
including the widely used Hotmail— into one central program. 
The company touted the new Outlook by promising high 
levels of encryption to protect privacy, and the NSA quickly 
grew concerned that the encryption Microsoft offered to 
Outlook customers would block the agency from spying on 
their communications. One SSO memo from August 22, 2012, 
frets that “using this portal means that email emerging from 
it will be encrypted with the default setting” and that “chat 
sessions conducted within the portal are also encrypted when 
both communicants are using a Microsoft encrypted chat 
client.” 

But that worry w T as short-lived. Within a few 7 months, the 
tw T o entities got together and devised methods for the NSA to 
circumvent the very encryption protections Microsoft w 7 as 
publicly advertising as vital for protecting privacy: 



ETS/7W/Nf 5 NKresofl fftl-caiei bew strvicq, a r T«tt 5 , FAA 7flZ teUKTiaa 
&y | ~ima =*riMgirD ) pr Mil 



IT 4 / 7 S.I//WF] On 31 Juty, Htcros^f! begiui encrypting chftt 

with Jt:e e nt reluct jen 0 I t |i w new out Iflg’k.epa ieoi£e l fnis ne-- Secure 
Saekpi. l A yer E&St) enerypiuifl rffp^iivcly egl off pclleti tun Of Tilt new 
tervkc fpr FAA W juifl Uncly t 2331 Ho deg reef fgr tJic lntcllk^fice 
Cuftf-unity ll£) a NS, w 0 r*£itfl yitii (hp j’SU , ^cvelgpfd a mrvntlUnce 
tip^iUty eo -dee I wilb me- gew SSL. THes* spluiloos vert su^ceii fully 
inn w+fi T live t? Otd JI 1 ?. 1 kpluUPn y,^ spoiled to All 

eurrens fJSa ond requirta-enii nj ehnngfli \o UU Isskkg 

jiiroetdurc-a were required. The S-S-L solution doss Jiot coUeci serMcr -bnstd 
^oieu^vsisd* or ule tfunsfer-j. T^ie legacy eolltet it,*i vysi pci will renoin 
:n pkre to cgllcct vpice^vidso .ind file Ujniftrii A& j rt^ult Ihere y-iU 
be sb-"e dLplitbtc e 0 llc-sl ic-n of text -fused cn^l fro-* the new 4 n p legiicy 
lysuos which will be Addreised at j to ter da:e.. An inefea.se tn col lee non 
yglusg ov g rpsolE of i ti a v sgluUgn hoj pUe^dy been npted by C 6 S, 



Another document describes further collaboration between 
Microsoft and the FBI, as that agency also sought to ensure 
that new Outlook features did not interfere with its 
surveillance habits: “The FBI Data Intercept Technology Unit 



(DITU) team is working with Microsoft to understand an 
additional feature in Outlook.com which allows users to 
create email aliases, which may affect our tasking process.... 
There are compartmented and other activities underway to 
mitigate these problems.” 

Finding this mention of FBI surveillance in Snowden’s 
archive of internal NSA documents was not an isolated 
occurrence. The entire intelligence community' is able to 
access the information that the NSA collects: it routinely 
shares its vast trove of data with other agencies, including the 
FBI and the CIA. One principal purpose of the NSA’s great 
spree of data collection was precisely to boost the spread of 
information across the board. Indeed, almost every document 
pertaining to the various collection programs mentions the 
inclusion of other intelligence units. This 2012 entry from the 
NSA’s SSO unit, on sharing PRISM data, gleefully declares 
that "PRISM is a team sport!”: 



EapaadirtQ PRISM Sharing With FBI and Cl* 



Hy p- 1 --- ^ 1 bn esr; 



LTW/5I//NF] Special soy f Cl? Operas igns IS503 hflS fCCOnS ty 
UttEtaftfed snaring witn me Federal Bureau of invest igal icn-s 
{FSI> ma I he Central Intelligence Agency CCIA* on PRISM 
operations via two projects. Through these error is, has 
created am enyircjir^fn of sharing and tea-Ung across the 
inteUi^enee Comunity or*, pajsv opera r ions, Firsx, SSO'i 
pfiiNTAURA tea- solved 0 problem ter me Signals 
SrticlUgenre Directorate £SIQJ by writing software which 
would outoral icq t ly gather a list of tasked PRiSn selectors 
every two weeks to provide to ih* FBI and CIA, ms enables 
our partners to see which selectors me hot tonal Securny 
Agency (ItSA) has tattad to PRISM. The FBI and CIA men c*n 
request a copy of PftlSM collet lion fro* any selector, as 
allowed under the £ee& Foreign intelligence Surveillance 
Act (FISA> A-endsents flci 15 m. prior to paint aura - s work, 
SID i^ad been providing me fffl and Cl A with incomplete a^d 
inaccurate lists, preventing our partners fror rusk mg F ull 
U5t of the i'RiSM jarogro=. PRjrjTAjttA volunteered to gather 
me detailed data related to each selector froin nulnplc 
local ions and assemble 11 in a usable for*, in the second 
project, me prism Mission Program Manager (kph* recently 
began sending operational PR!S« oevs ond guidance lo the 
f9i and CIA 50 thflt their analysts could Tdifc the PRI5« 
Sy'.te^ property, to aware of ouioges and changes, ane 
opt idi?e their use of PRISM. The mpm coordinated an 
agreeiem frgn me 5ID foreign inielUgcnce Surveillance 
Act A-iend-cntS Act mAM Tfrm tb share mis snforruit ion 
weekly, wnlch has been well- received and appreciated . These 
two activities underscore the point that PRlSH is a teas 
spori ! 



“Upstream” collection (from fiber-optic cables) and direct 
collection from the servers of Internet companies (PRISM) 
account for most of the records gathered by the NSA. In 
addition to such sweeping surveillance, though, the NSA also 
carries out what it calls Computer Network Exploitation 
(CNE), placing malware in individual computers to surveil 
their users. When the agency succeeds in inserting such 
malware, it is able, in NSA terminology, to “own” the 
computer: to view every keystroke entered and every screen 
viewed. The Tailored Access Operations (TAO) division 
responsible for this work is, in effect, the agency’s own 
private hacker unit. 

The hacking practice is quite widespread in its own right: 
one NSA document indicates that the agency has succeeded 
in infecting at least fifty thousand individual computers with 
a type of malware called “Quantum Insertion.” One map 



shows the places where such operations have been performed 
and the number of successful insertions: 



r t.rni 



Driver It World wide- SIGINT/Defenst Cr>ptfdu£ic 
Platform 




Using Snowden documents, the New York Times reported 
that the NSA has in fact implanted this particular software “in 
nearly 100,000 computers around the world.” Although the 
malware is usually installed by “gaining access to computer 
networks, the NSA has increasingly made use of a secret 
technology that enables it to enter and alter data in 
computers even if they are not connected to the Internet.” 

Beyond its work with compliant telecoms and Internet 
companies, the NSA has also colluded with foreign 
governments to construct its far-reaching surveillance 
system. Broadly speaking, the NSA has three different 
categories of foreign relationships. The first is with the Five 
Eyes group: the US spies with these countries, but rarely on 
them, unless requested to by those countries' own officials. 
The second tier involves countries that the NSA w r orks with 



for specific surveillance projects wiiile also spying on them 
extensively. The third group is comprised of countries on 
which the United States routinely spies but with whom it 
virtually never cooperates. 

Within the Five Eyes group, the closest NSA ally is the 
British GCHQ. As the Guardian reported, based on 
documents provided by Snow 7 den, “The U.S. government has 
paid at least £ioom to the UK spy agency GCHQ over the last 
three years to secure access to and influence over Britain's 
intelligence gathering programs/’ Those payments w 7 ere an 
incentive to GCHQ to support the NSA's surveillance agenda. 
“GCHQ must pull its weight and be seen to pull its weight,” a 
secret GCHQ strategy briefing said. 

The Five Eyes members share most of their surveillance 
activities and meet each year at a Signals Development 
conference, where they boast of their expansion and the prior 
year's successes. Former NSA deputy director John Inglis has 
said of the Five Eyes alliance that they “practice intelligence 
in many regards in a combined way— essentially make sure 
that we leverage one another's capabilities for mutual 
benefit.” 

Many of the most invasive surveillance programs are 
carried out by the Five Eyes partners, a substantial number of 
these involving the GCHQ. Of special note are the British 
agency's joint efforts with the NSA to break the common 
encryption techniques that are used to safeguard personal 
Internet transactions, such as online banking and retrieval of 
medical records. The two agencies' success in setting up 
backdoor access to those encryption systems not only allowed 
them to peer at people’s private dealings, but also weakened 
the systems for everyone, making them more vulnerable to 
malicious hackers and to other foreign intelligence agencies. 




The GCHQ has also conducted mass interception of 
communications data from the world's underwater fiber-optic 
cables. Under the program name Tempora, the GCHQ 
developed the “ability to tap into and store huge volumes of 
data drawn from fibre-optic cables for up to 30 days so that it 
can be sifted and analysed/’ the Guardian reported, and the 
“GCHQ and the NSA are consequently able to access and 
process vast quantities of communications between entirely 
innocent people." The intercepted data encompass all forms 
of online activity, including “recordings of phone calls, the 
content of email messages, entries on Facebook, and the 
history of any internet user's access to websites.” 

The GCHQ's surveillance activities are every bit as 
comprehensive— and unaccountable— as the NSA's. As the 
Guardian noted: 

The sheer scale of the agency's ambition is reflected in the titles of 
its two principal components: Mastering the Internet and Global 
Telecoms Exploitation, aimed at scooping up as much online and 
telephone traffic as possible. This is all being carried out without 
any form of public acknowledgement or debate, 

Canada is also a very active partner with the NSA and an 
energetic surveillance force in its own right. At the 2012 
SigDev conference, the Communications Services 
Establishment Canada (CSEC) boasted about targeting the 
Brazilian Ministry 7 of Mines and Energy 7 , the agency in Brazil 
that regulates the industry of greatest interest to Canadian 
companies: 







AND THEY SAID TO THE 
TITANS; « WATCH OUT 
OLYMPIANS IN THE 
HOUSE! » 



(.'■SEC Advanced Ni'lwnTh TriidrciiLfl 
S&CflnftniTirt -Pwor 2*112 



OvtnD f fHUm! TOP ffiCRfCTOSl 



OLYMPIA & THE CASK STUDY 




Mm' 



CTS^k Nulwtirk Kmiwhitgu Engine 
Vnnny^ 

Chained unrichvttenl si 
Automated, rtnulyw* 



I jv.'lz.lI i eixi Ministry" of Mitscn nnd Energy" {MM Kj 

Mew turret in develop 
Limited, ju'uu-hsAzli^L knowledge 



Tnj'S 6 f^itr ( vH 






There is evidence of widespread CSEC/NSA cooperation, 
including Canada's efforts to set up spying posts for 
communications surveillance around the world at the behest 
and for the benefit of the NSA, and spying on trading partners 
targeted by the US agency. 



TTJPSSC^TJJflfl&KEI. ISA. FVi:V 




SK*irl ry Apncji 1 
L>ii1nl Stcif ric> Scrvfcc 

liifoniLbtlaai t'Hf.'t-r 



J April 2031 






BiAfftd: £LW*FCNJO} NS A InUili.fcflnw l?fleM^«hlp wflPi c 

GommunlcjBfrrst Sucirr.ty E^l^blh kintnt C»n«Ja [C&£C] 




im ^EfiUni^Aciit HSl^A.CA* 




JU| WhJiT NSA provides Eg thu partner 
($fl3Wfi£LTO USA, OWSEEItiP- W; 



[U] YV Via E Iha partner provides to ftSA.; 

(IStfSIfflREL TO USA, CAK) CSEC mwea tor advnrwd q 
AftoEySis. Has opened covert $iise& at U» request of NS^CSfO 
undqua geogrnpfedtMQ&s to nrca-s ynavSilebta (g !hfc U..S |P|i| 
pfOvWesaypt&flropble podueb. owtemutyas. Icchrraiogy. anosSffi 
Us invralmariE i?i R&O projcKts of mutual in'cim-l 

The Five Eyes relationship is so close that member 
governments place the NSA’s desires above the privacy of 
their own citizens. The Guardian reported on one 2007 
memo, for instance, describing an agreement “that allowed 
the agency to ‘unmask’ and hold on to personal data about 
Britons that had previously been off limits.” Additionally, the 
rules were changed in 2007 “to allow the NSA to analyse and 
retain any British citizens’ mobile phone and fax numbers, 
emails and IP addresses swept up by its dragnet.” 

Going a step further, in 2011 the Australian government 
explicitly pleaded with the NSA to “extend” their partnership 
and subject Australian citizens to greater surveillance. In a 
February 21 letter, the acting deputy director of Australia’s 
Intelligence Defence Signals Directorate wrote to the NSA’s 




L, pcacrasin^ and 

i MS 



Signals Intelligence Directorate, claiming that Australia “now 
face[s] a sinister and determined threat from 'home grown’ 
extremists active both abroad and within Australia.” He 
requested increased surveillance on the communications of 
Australian citizens deemed suspicious by their government: 



White we lifiv( inverted *tirf Mllcdiwi 

■effort yf oar i>wto tu find luuJ oxptusE She** ^hUimunicatiHins, I be riitiku' !■■£■* we fii.ee In 
obtaining lc^l I.u jukL whabte 4Hfrc*» Lu lueh oui'iiniiuncjaioiu unpacK on our ftbiliiy Ki detect 
pftvcn I Eemviit wE; .md dimiridir* -hit capiioiiy :n profral llio lil'i- luud Safely n: 
AUhEta.iiiUj fiftizais h:hI ihiiscnfaiLr clwj frier, d£ and ftll&ev 

Wc li.L^ cM'.kvs.'J J !or.p :iTid wry ptodwlitv paitnrr.ihip with NSA in shifting itf in spitted 
7cccf>' in Hnhed S^tes wni-micd MlltfaidiE Pg>j : e:=- 9 higkval mine tcmjrist lat^i-E* in 
kdn-;tsi.i iTus lui* beet* critfedl i<-> PSlVs eftos k' diunp’ \\i\tA tontuLi lie opemhur ml. 

iu.]jjbilnh3 el Cmttnrts in umt region a> hijptfightori by iHe r&ttAi .Unrai of fufthive Bull 
IwMiLlitn UmuT Pride. 

Wc Would very ra.iel: wtfctHnig th^ oppontiiJly Cu eaLenI ;?uiE porfrwiifrlp wish XSA to cover 
(he fncvtftpr.f ■mm'w of .Aiitirnliafl* ;j: PAfcimrjviuii lkEivlLhm - in 

poniCEllir AU'^tiin^ Involved wi-Lh Af)AP 



Beyond the Five Eyes partners, the NSA’s next level of 
cooperation is with its Tier B allies: countries that have some 
limited cooperation with the agency and are also targeted 
themselves for aggressive, unrequested surveillance. The NSA 
has clearly delineated these two levels of alliances: 



C ON FI D ENT I A L//N Q FORN7/202 9 1 1 23 



TIER A 

Comprehensive Cooperation 


Australia 
Canada 
New Zealand 
United Kingdom 


TIERB 

roc used Cooperation 


Austria 

Belgium 

Catch Republic 

Denmark 

Germany 

Greece 

Hungary 

led and 

Italy 

Japan 

Luxemberg 

Netherlands 

Norway 

Poland 

Portugal 

Sou tli Korea 

Spain 

Sweden 

Switzerland 

Turkey 



Using different designations (referring to Tier B as Third 
Parties), a more recent NSA document— from the Fiscal Year 
2013 “Foreign Partner Review”— shows an expanding list of 
NSA partners, including international organizations such as 
NATO: 



TOP 3 lMTf r r hi L UM. UIK W&. ML 

Approved STGINT Partners 



Second Parties 

Ausl^n 
Canada 
New jSeafginHj 
United Kingdom 



afsc 

NATO 

S$E;UR 

SSPAC 



Alqeriii 

Austria 



Crpabra 

Grect> RcptTbtft 
Denmefft 



Fiiifciritf- 

Prailbf 

Germany 

Gr«xc 



IiHtia 



Third Parties 

[5^ 

Italy 
fejWM 
JSfirfan. 

S4U1CJ 
Haffitfenja 
Neaic-riandE 

KonvTjy 



Pflland 
Rcm;jfiia 
SiiL'ili Arabia 
Sinoi^ore" 




5pfl[h 



Taiwan 

Thailand 

Timfeia 

UnE 



1 OH> ^ m a r rild iPUt *u.\ gpn. »,ol 



As with the GCHQ, the NSA often maintains these 
partnerships by paving its partner to develop certain 
technologies and engage in surveillance, and can thus direct 
how the spying is carried out. The Fiscal Year 2012 “Foreign 
Partner Review” reveals numerous countries that have 
received such payments, including Canada, Israel, Japan, 
Jordan, Pakistan, Taiwan, and Thailand: 




ra? KcurTflcowwT whoa* 



I. ®KiJi 

TAD FY12 CCP Funding of Partners* 



n: Jtauwrtt wft xff 












z //// s/ ss z 



09 v-i Girt i woumi r T,-OrCHHpy 



In particular, the NSA has a surveillance relationship with 








Israel that often entails cooperation as close as the Five Eyes 
partnership, if not sometimes even closer. A Memorandum of 
Understanding between the NSA and the Israeli intelligence 
sendee details how the United States takes the unusual step 
of routinely sharing with Israel raw intelligence containing 
the communications of American citizens. Among the data 
furnished to Israel are “unevaluated and unminimized 
transcripts, gists, facsimiles, telex, voice, and Digital Network 
Intelligence metadata and content.” 

What makes this sharing particularly egregious is that the 
material is sent to Israel without having undergone the 
legally required process of “minimization:' The minimization 
procedures are supposed to ensure that when the NSA' s bulk 
surveillance sweeps up some communications data that even 
the agency's very broad guidelines do not permit it to collect, 
such information is destroyed as soon as possible and not 
disseminated further. As the law is written, the minimization 
requirements already have plenty of loopholes, including 
exemptions for “significant foreign intelligence information” 
or any “evidence of a crime.” But when it comes to 
disseminating data to Israeli intelligence, the NSA has 
apparently dispensed with such legalities altogether. 

The memo flatly states: “NSA routinely sends ISNU [the 
Israeli SIGINT National Unit] minimized and unminimized 
raw collection.” 

Highlighting how a country can both cooperate on 
surveillance and be a target at the same time, an NSA 
document recounting the history of Israel’s cooperation 
noted “trust issues wdiich revolve around previous ISR 
operations,” and identified Israel as one of the most 
aggressive surveillance services acting against the United 
States: 



[TS//SI//REI-J There arc also n few surprises... FrtfncGiarEtits the US BoD 
through technical Intelligence collection, and Israel aEsotargcU us. On tSie 
onti hand, the Israelis are extraordinarily good, SIGINT partners for os, but 
*m the other, they target us to learn Our positions on Middle tiast problems. 
A N1E j National Intelligence Estimate) rtiuhed ilium as the third most 
aggressive [ntclhgencc service against the US. 



The same report observed that, despite the close relationship 
between American and Israeli intelligence agencies, the 
extensive information provided to Israel by the United States 
produced little in return. Israeli intelligence w 7 as only 
interested in collecting data that helped them. As the NSA 
complained, the partnership was geared “almost totally” to 
Israel's needs. 



Balancing the SIGINT exchange equally hetween US 
and Israeli needs has been a constant challenge in the 
last decade, it arguably tilted heavily in favor of Israeli 
security concerns. 9/1 1 came, and went, with MSA's 
only true Third Party CT relationship being driven 
almost totally by the needs of the partner. 



Another rung lower, below the Five Eyes partners and 
second-tier countries such as Israel, the third tier is 
composed of countries who are often targets but never 
partners of US spying programs. Those predictably include 
governments viewed as adversaries, such as China, Russia, 
Iran, Venezuela, and Syria. But the third tier also includes 
countries ranging from the generally friendly to neutral, such 
as Brazil, Mexico, Argentina, Indonesia, Kenya, and South 
Africa. 



* * 

When the NSA revelations first came out, the US government 
tried to defend its actions by saying that, unlike foreign 
nationals, American citizens are protected from warrantless 
NSA surveillance. On June 18, 2013, President Obama told 



Charlie Rose: “What I can say unequivocally is that if you are 
a U.S. person, the NSA cannot listen to your telephone calls ... 
by law and by rule, and unless they ... go to a court, and 
obtain a warrant, and seek probable cause, the same way it’s 
always been." The GOP chairman of the House Intelligence 
Committee, Mike Rogers, similarly told CNN that the NSA “is 
not listening to Americans" phone calls. If it did, it is illegal. It 
is breaking the law.” 

This was a rather odd line of defense: in effect, it told the 
rest of the world that the NSA does assault the privacy of 
non-Americans. Privacy protections, apparently, are only for 
American citizens. This message prompted such international 
outrage that even Facebook CEO Mark Zuckerberg, not 
exactly known for his vehement defense of privacy, 
complained that the US government “blew it” in its response 
to the NSA scandal by jeopardizing the interests of 
international Internet companies: “The government said 
don't worry, we’re not spying on any Americans. W onderful, 
that’s really helpful for companies trying to w 7 ork with people 
around the world. Thanks for going out there and being clear. 
I think that was really bad.” 

Aside from being a strange strategy, the claim is also 
patently false. In fact, contrary to the repeated denials of 
President Obama and his top officials, the NSA continuously 
intercepts the communications of American citizens, without 
any individual “probable cause” warrants to justify such 
surveillance. That’s because the 2008 FISA law, as noted 
earlier, allows the NSA— without an individual warrant— to 
monitor the content of any American’s communications as 
long as those communications are exchanged with a targeted 
foreign national. The NSA labels this “incidental” collection, 
as though it’s some sort of minor accident that the agency has 



been spying on Americans. But the implication is deceitful. As 
Jameel Jaffer, the deputy legal director of the ACLU, 
explained: 

The government often says that this surveillance of Americans’ 
communications is “incidental.” which makes it sound like the 
NSA’s surveillance of Americans’ phone calls and emails is 
inadvertent and, even from the government’s perspective, 
regrettable. 

But when the Bush administration officials asked Congress for 
this new surveillance power, they said quite explicitly that 
Americans’ communications were the communications of most 
interest to them. See, for example, FISA for the 21st century, 
Hearing Before the S. Comm. On the Judiciary, 109th Cong. 
(2006) (statement of Michael Hayden), that certain 
communications “with one end in the United States” are the ones 
“that are most important to us.” 

The principal purpose of the 2008 law was to make it possible 
for the government to collect Americans' international 
communications— and to collect those communications without 
reference to whether any party to those communications was doing 
anything illegal. And a lot of the government’s advocacy is meant 
to obscure this fact, but it’s a crucial one: The government doesn’t 
need to “target” Americans in order to collect huge volumes of their 
communications. 



Yale Law r School professor Jack Balkin concurred that the 
FISA law of 2008 effectively gave the president the authority 
to run a program “similar in effect to the warrantless 
surveillance program” that had been secretly Implemented by 
George Bush. “These programs may inevitably include many 
phone calls involving Americans, who may have absolutely no 
connection to terrorism or to Al Qaeda.” 

Further discrediting Obama’s assurances is the 
subservient posture of the FISA court, which grants almost 
every surveillance request that the NSA submits. Defenders 



of the NSA frequently tout the FISA court process as evidence 
that the agency is under effective oversight. However, the 
court was set up not as a genuine check on the government's 
pow 7 er but as a cosmetic measure, providing just the 
appearance of reform to placate public anger over 
surveillance abuses revealed in the 1970s. 

The uselessness of this institution as a true check on 
surveillance abuses is obvious because the FISA court lacks 
virtually every 7 attribute of what our society generally 
understands as the minimal elements of a justice system. It 
meets in complete secrecy; only one parly 7 — the government— 
is permitted to attend the hearings and make its case; and the 
court’s rulings are automatically designated “Top Secret.” 
Tellingly, for years the FISA court was housed in the 
Department of Justice, making clear its role as a part of the 
executive branch rather than as an independent judiciary 
exercising real oversight. 

The results have been exactly what one would expect: the 
court almost never rejects specific NSA applications to target 
Americans with surveillance. From its inception, FISA has 
been the ultimate rubber stamp. In its first twenty-four years, 
from 1978 to 2002, the court rejected a total of zero 
government applications while approving many thousands. In 
the subsequent decade, through 2012, the court has rejected 
just eleven government applications. In total, it has approved 
more than twenty thousand requests. 

One of the provisions of the 2008 FISA law 7 requires the 
executive branch annually to disclose to Congress the 
number of eavesdropping applications the court receives and 
then approves, modifies, or rejects. The disclosure for 2012 
show 7 ed that the court approved every 7 single one of the 1,788 
applications for electronic surveillance that it considered, 



wdiile “modifying”— that is, narrowing the purview 7 of the 
order— in just 40 cases, or less than 3 percent. 



Applications Made !o the Forefen Surveillance tcurl During Ciltndar 

¥idr 2&12<9Wt»n m of the Ast, 50 U-S-C. 5 I SOT) 

During calendar year 20 3 2, hue OdVemcr^nt mud* 1 ,8SS apph&tiOTii- to (he Forei^j 
latdifecDw Sumrilbra Golan {thi “RSCl for authorify CO OcndhH dttWfll* mwIIIm w 
and/pr physical searches fur ftrfrign pyfpOWS- The 3 & applicaltdci iatlude 

3pp]sCJli&G5 solely for e'raira-itic FmiTilto/icc,. tifjdioHaUfB uimfc Mlely for physical search r 

and camt-bied apptieMip&i m|ueslin^ authority fbrciecEronjc mvtill&iK? aad K&fcb- 

Ofhirse. I JftS 1 AppbetiWQS included rCHItfitS fot luthorty Co crauhxt dmUmifr akfvdUcc^ 

Of lhc« 1 one wns withdrawn by lit Govcmacat The FI5G did aol 
deny nuy appluauion* Ln wbok or in part 



Much the same was true of 2011, when the NSA reported 
1,676 applications; the FISA court, w 7 hile modifying 30 of 
them, “did not deny any applications in whole, or in part.” 

The court’s subservience to the NSA is demonstrated by 
other statistics as well. Here, for instance, is the FISA court’s 
reaction over the last six years to various requests made by 
the NSA under the Patriot Act to obtain the business records 
—telephone, financial or medical— of US persons: 



Gov't surveillance requests to FISA court 



Year 


fJmmher of business records 
requests made by U.S. Gov't 


Number of requests 
rejected by FISA court 


2005 


155 


0 


2006 


43 


0 


2007 


17 


0 


2008 


13 


0 


2009 


21 


0 


2010 


96 


0 


2011 


20s 


0 



[Saurcei Documents released by Q0Nl r 13fNuv/2G13] 



Thus, even in those limited cases when approval from the 
FISA court is needed to target someone’s communications, 
the process is more of an empty pantomime than a 
meaningful check on the NSA. 




Another layer of oversight for the NSA is ostensibly 
provided by the congressional intelligence committees, also 
created in the aftermath of the surveillance scandals of the 
1970s, but they are even more supine than the FISA court. 
While they are supposed to conduct “vigilant legislative 
oversight 1 ' over the intelligence community, those 
committees are in fact currently headed by the most devoted 
NSA loyalists in Washington: Democrat Dianne Feinstein in 
the Senate and Republican Mike Rogers in the House. Rather 
than offer any sort of adversarial check on the NSA’s 
operations, the Feinstein and Rogers committees exist 
primarily to defend and justify anything the agency does. 

As the New Yorker ’ s Ryan Lizza put it in a December 2013 
article, instead of providing oversight, the Senate committee 
more often “treats senior intelligence officials like matinee 
idols.” Observers of the committee’s hearings on NSA 
activities were shocked by how the senators approached the 
questioning of NSA officials who appeared before them. The 
“questions” typically contained nothing more than long 
monologues by the senators about their recollections of the 
9/11 attack and how vital it was to prevent attacks in the 
future. The committee members waved away the opportunity’ 
to interrogate those officials and perform their oversight 
responsibilities, instead propagandizing in defense of the 
NSA. The scene perfectly captured the true function of the 
intelligence committees over the last decade. 

Indeed, the chairs of the congressional committees have 
sometimes defended the NSA even more vigorously than the 
agency’s officials themselves have done. At one point, in 
August 2013, two members of Congress— Democrat Alan 
Grayson of Florida and Republican Morgan Griffith of 
Virginia— separately approached me to complain that the 



House Permanent Select Committee on Intelligence was 
blocking them and other members from accessing the most 
basic information about the NSA. They each gave me letters 
they had written to the staff of Chairman Rogers requesting 
information about NSA programs being discussed in the 
media. Those requests were rebuffed again and again. 

In the wake of our Snowden stories, a group of senators 
from both parties who had long been concerned with 
surveillance abuses began efforts to draft legislation that 
would impose real limits on the NSA’s powers. But these 
reformers, led by Democratic senator Ron Wvden of Oregon, 
ran into an immediate roadblock: counterefforts by the NSA’s 
defenders in the Senate to write legislation that would 
provide only the appearance of reform, while in fact retaining 
or even increasing the NSA’s powers. As Slate’s Dave W eigel 
reported in November: 

Critics of the NSA’s bulk data collection and surveillance programs 
have never been worded about congressional inaction. They’ve 
expected Congress to come up with something that looked like 
reform but actually codified and excused the practices being 
exposed and pilloried. That’s what's always happened— every 
amendment or re authorization to the 2001 USA Patriot Act has 
built more back doors, than walls. 

“We will be up against a ‘business -as -usual brigade’— made up 
of influential members of the government’s intelligence leadership, 
their allies in thinktanks [sic] and academia, retired government 
officials, and sympathetic legislators,” warned Oregon Sen. Ron 
Wyden last month. “Their endgame is ensuring that any 
surveillance reforms are only skin-deep.... Privacy’ protections that 
don’t actually protect privacy are not worth the paper they’re 
printed on.” 



The “fake reform” faction was led by Dianne Feinstein, the 
very senator who is charged w 7 ith exercising primary’ oversight 



over the NSA. Feinstein has long been a devoted loyalist of 
the US national security industry, from her vehement support 
for the war on Iraq to her steadfast backing of Bush-era NSA 
programs. (Her husband, meanwhile, has major stakes in 
various military contracts.) Clearly, Feinstein was a natural 
choice to head a committee that claims to cany out oversight 
over the intelligence community but has for years performed 
the opposite function. 

Thus, for all the government’s denials, the NSA has no 
substantial constraints on whom it can spy on and how. Even 
when such constraints nominally exist— when American 
citizens are the surveillance target— the process has become 
largely hollows The NSA is the definitive rogue agency: 
empowered to do whatever it w r ants with very little control, 
transparency, or accountability. 



-Jt -3fr 



Very broadly speaking, the NSA collects two types of 
information: content and metadata. “Content” here refers to 
actually listening to people’s phone calls or reading their 
emails and online chats, as well as reviewing Internet activity 
such as browsing histories and search activities. “Metadata” 
collection, meanw r hile, involves amassing data about those 
communications. The NSA refers to that as “information 
about content (but not the content itself)-” 

Metadata about ail email message, for instance, records 
w 7 ho emailed whom, when the email w 7 as sent, and the 
location of the person sending it. When it comes to telephone 
calls, the information includes the phone numbers of the 
caller and the receiver, how 7 long they spoke for, and often 
their locations and the types of devices they used to 
communicate. In one document about telephone calls, the 



NSA outlined the metadata it accesses and stores: 



1 

Communications Metadata Fields in 
ICREACH 



9 



ISWF} MS A popular I hpsa Ijtfds in PROTON 

Called & calling numbofi , dala r fclmtt a dufilton of call 

[SrtSi'JRELj ICREACH uaarswil? see letap-hony metadata* in Ifca following Jietds. 



DATE £ TIME 

GU RATION - -Lungth e! Call 
CAUED HUMBER 
CALLING NUMBER 

CALLED FA* (C5I(- Called SubserUwr 
ID 

TRANSMUTING FA* [t&l] - 
funtmlftUng Subearfefrr ID 
iMEl-lfflarnatKHTili Wbtjiln SulisjcrieHir 
ktonliPer 

TM31 - Trfmpgnjr* Mefaifo 
MilKMlDT 



IMEi - inEnmaEionbl Mobile Equipment 
IdwlMv 

MSlSDH - Maijlr-n S-ubsci M?m intugraErd 
Stirvictm oigiul Hetwprii 
M0N - Wrtltff Dipce-d Number 
CU-C*ilUn*kie*diFler(CJ8Jle# IDJ 
□5ME - OuglinaLiOn Short 
EAllty 

09«E - Q^lrmting Short Mmw 
Entity 

VLR - Vai i E □ ? Location PnqiMiir 

'r l < ' I .fO* .-i 7 : OA '. J-. tr . 1 



The US government has insisted that much of the 
surveillance revealed in the Snowden archive involves the 
collection of “metadata, not content,” trying to imply that this 
kind of spying is not intrusive— or at least not to the same 
degree as intercepting content. Dianne Feinstein has 
explicitly argued in USA Today that the metadata collection 
of all Americans’ telephone records “is not surveillance” at all 
because it “does not collect the content of any 
communication.” 

These disingenuous arguments obscure the fact that 
metadata surveillance can be at least as intrusive as content 
interception, and often even more so. When the government 
know r s everyone you call and everyone who calls you, plus the 
exact length of all those phone conversations; when it can list 
even 7 single one of your email correspondents and every 
location from w 7 here your emails were sent, it can create a 
remarkably comprehensive picture of your life, your 
associations, and your activities, including some of your most 



intimate and private information. 

In an affidavit filed by the ACLU challenging the legality 7 
of the NSA’s metadata collection program, Princeton 
computer science and public affairs professor Edward Felten 
explained why metadata surveillance can be especially 
revealing: 

Consider the following hypothetical example: A young woman calls 
her gynecologist; then immediately calls her mother; then a man 
who, during the past few months, she had repeatedly spoken to on 
the telephone after lipm; followed by a call to a family planning 
center that also offers abortions. A likely storyline emerges that 
would not be as evident by examining the record of a single 
telephone call. 

Even for a single phone call, the metadata can be more 
informative than the call's content. Listening in on a woman 
calling an abortion clinic might reveal nothing more than 
someone confirming an appointment with a generic-sounding 
establishment (“East Side Clinic” or “Dr. Jones’s office”). But 
the metadata would show far more than that: it would reveal 
the identity of those who were called. The same is true of 
calls to a dating service, a gay and lesbian center, a drug 
addiction clinic, an HIV specialist, or a suicide hotline. 
Metadata would likewise unmask a conversation between a 
human rights activist and an informant in a repressive 
regime, or a confidential source calling a journalist to reveal 
high-level wrongdoing. And if you frequently call someone 
late at night who is not your spouse, the metadata will reveal 
that, too. What’s more, it will record not only all the people 
with whom you communicate and how often, but also all the 
people with whom your friends and associates communicate, 
creating a comprehensive picture of your network of contacts. 



Indeed, as Professor Felten notes, eavesdropping on calls 
can be quite difficult due to language differences, meandering 
conversations, the use of slang or deliberate codes, and other 
attributes that either by design or accident obfuscate the 
meaning. “The content of calls are far more difficult to 
analvze in an automated fashion due to their unstructured 

■r 

nature,” he argued. By contrast, metadata is mathematical: 
clean, precise, and thus easily analyzed. And as Felten put it, 
it is often “a proxy for content”: 

Telephony metadata can ... expose an extraordinary 7 amount about 
our habits and our associations. Calling patterns can reveal when 
we are awake and asleep; our religion, if a person regularly makes 
no calls on the Sabbath, or makes a large number of calls on 
Christmas day; our work habits and our social aptitude: the 
number of friends we have; and even our civil and political 
affiliations. 

In sum, writes Felten, “mass collection not only allows the 
government to learn information about more people, but it 
also enables the government to learn new, previously private 
facts that it could not have learned simply by collecting the 
information about a few, specific individuals.” 

Concern about the many uses that the government could 
find for this kind of sensitive information is especially 
justified because, contrary to repeated claims from President 
Obama and the NSA, it is already clear that a substantial 
number of the agency’s activities have nothing to do with 
antiterrorism efforts or even with national security 7 . Much of 
the Snowden archive revealed what can only be called 
economic espionage: eavesdropping and email interception 
aimed at the Brazilian oil giant Petrobras, economic 
conferences in Latin America, energy companies in Venezuela 




(TS//SI) US-984 (PDDG: AX) - provides collection 
against DNR and DNI FISA Court Order authorized 
communications. 



(TS//SI) Key Targets: Diplomatic establishment, 
counterterrorism. Foreign Government, Economic 



Further evidence of the NSA's economic interest appears in a 
PRISM document showing a “sampling" of the “Reporting 
Topics” for the week of February 2-8, 2013. A list of the types 
of information gathered from various countries clearly 
includes economic and financial categories, among them 
“energy,” “trade,” and “oil”: 



lOPMCHU 51 

Cm 







~i“ r . 



(ts.f/Sl'^1' A Week in the LifcafFRISM Repotting 
Sampling of Reporting Topic* from 2-& Feb 2013 




* Mexico 

* Wprcoliti 

* Erwfgjr 

* Ik^rnai aiicunly 

* PiMam M&n 

* Japan 

r Trad* 

■ Iran' 

■ W-- fttWfl 

■ OJ 



One 2006 memorandum from the global capabilities manager 
of the agency's International Security Issues (ISI) mission 
spells out the NSA’s economic and trade espionage— against 
countries as diverse as Belgium, Japan, Brazil, and Germany 



—in stark terms: 



(If) N T SA Washington Minion 



{UJ Repujiai 



(TS//SU ISJ jS raponribJ< far 13 individual rtUli-nft SUtJCS in Lhrc^S C^tinctlE^ Qnc 
sl^ninturii tie iim bimfc .lII these counties ihdr iinpuriaiicfi lo U,S. 

economic trade, and concerns r The Western Europe find Strategic 

P^tfiftershipi division primarily faeusewon Fttfrigii policy Jiftd trade 5=i£iiv Lcits of 
Belgium* * France. Germany . h.ilv. and Spain, -u well sis Brazil . Japan said Mexico. 



(T5//S1) The Energy and Resource branch provider unique snEeMigee-ae on 
worldwide energy produaion and development in key countries that affec t the 
world economy , Target of c urrent emphasis arc 
{dSB^zi: rr ~£Sxsmsw^' RcixuLiug has ineEuded Ihc monitoring of 
jhtcmiilional investment in i he energy scctois of target countries h eleelricaJ and 
Supervisory Control md Data Acquisition (5CADA) upgrades, and computer 
aided dtigign* of projected energy pvojecu. 



Reporting on a group of GCHQ documents leaked by 
Snowden, the New York Times noted that its surveillance 
targets often included financial institutions and “heads of 
international aid organizations, foreign energy companies 
and a European Union official involved in antitrust battles 
with American technology businesses.” It added that the US 
and British agencies “monitored the communications of 
senior European Union officials, foreign leaders including 
African heads of state and sometimes their family members, 
directors of United Nations and other relief programs [such 
as UNICEF], and officials overseeing oil and finance 
ministries.” 

The reasons for economic espionage are clear enough. 
When the United States uses the NSA to eavesdrop on the 
planning strategies of other countries during trade and 
economic talks, it can gain enormous advantage for American 
industry. In 2009, for example. Assistant Secretary of State 
Thomas Shannon wrote a letter to Keith Alexander, offering 
his “gratitude and congratulations for the outstanding signals 
intelligence support” that the State Department received 
regarding the Fifth Summit of the Americas, a conference 





devoted to negotiating economic accords. In the letter, 
Shannon specifically noted that the NSA’s surveillance 
provided the United States with negotiating advantages over 
the other parties: 



Tht itwe than 100 

reports wt received from She NS A jsavp us EctsEghE jnLu Ehtr piling iiid 

imcnlfon* of other Summit pnilidpttFtt§t md ensured IhitE our diplomat* were wed 
prepared in advise Prvsidem Obamn and Secretary Ciiniori on how so deal whh 
comeniioui issues. such as Cuba, and inters wish difUiculs euunierpgm, such it* 
VcnKtitlun Prtndtm Chaves 



The NSA is equally devoted to diplomatic espionage, as the 
documents referring to “political affairs*’ demonstrate. One 
particularly egregious example, from 2011, shows how the 
agency targeted two Latin American leaders— Dilma Rousseff, 
tlie president of Brazil, along with “her key advisers”; and 
Enrique Pena Nieto, then Mexico's leading presidential 
candidate (and now its president), along with “nine of his 
close associates”— for a “surge” of especially invasive 
surveillance. The document even features some of the 
intercepted text messages sent and received by Nieto and a 
“close associate”: 



ior vtyr r'.TCMWi . "n 'oifwl m, v. 

(U//FOUO) S2C42 surge effort 
(U) Goal 

(TS//Sl//ftEL) An increased understanding of the 
communication methods and associated selectors of 
Brazilian President Diima Rousseff and her key advisers. 



TOFimrgi frc-Nittr. , tJLto iju. cm. tun, cjl\, nr. 




W* ttUCTJpmmm L Mm. ink (u. 

(U//FOUO) S2C41 surge effort 

IT5//SI//REU NW> M e*w l«cicr*hip Twr, {52C41I waduewd s 
LwO-wtek large! dEVGropmEJUtsiJF^ effort against (me ot Mexico's 
heading prES-idcnhal candidate^ Enrique Pena hliero, and nine of hiv 
dew associates. Nieto is considered hy most poliEicel pundits to be 
i he kkely winne* of the 3017. Mexican pr^idoiicial frleefiora which are 



lo be held ih July 2012- SATC lever ctRed graph analysis, i n the 
rfcvciopment surge's target dcvelopfneril effort. 







(U) Results 

(5//St//fiEL)S54S5TeKl messages 
interesting Messages 



|h Off 3n* frj * UFS ti 4 

Hifik nn n.ri em ih jfm i LtmkII^.jh i. 3 *:■ iHa-p.hLfc' H’utjaLin Jiiwt*. 



: ETS//SV/HEL] Nymber for Travel coordinator 
■ (TS//£i^ftEL) Jorge Corona - Close associate of 
Nieto 




1.1: i'.-t:.:: iSlJ Ti li-fi «l .-u Is 

,'v . it , I:m, i!s; . . 

::^TrL>es i! ,'At- il u\ 1:1 ?rr= 'I ~ 



fjiid tl :!] It | 

- '.i y*u 1 




n* mttKiwmifMi hn, 

(U) Conclusion 

J (S//REL) Contact graph-enhanced filtering is a 
simple yet effective technique, which may 
allow you to find previously unobtainable 
results and empower analytic discovery 

J {TS//SI//RELJ Teaming with S2C, SATC was 
able to successfully apply this technique 
against high-profile, OPSEC-sawy Brazilian and 
Mexican targets. 

m* jjgffirigjjgpgtgft wo**- tgto. lijtgK 




One can speculate about why political leaders of Brazil 
and Mexico were NSA targets. Both countries are rich in oil 
resources. They are a big and influential presence in the 
region. .Mid while they are far from adversaries, they are also 
not America’s closest and most trusted allies. Indeed, one 
NSA planning document— entitled ‘"Identifying Challenges: 
Geopolitical Trends for 2014-2019”— list both Mexico and 
Brazil under the heading “Friends, Enemies, or Problems?” 
Others on that list are Egypt, India, Iran, Saudi Arabia, 
Somalia, Sudan, Turkey, and Yemen. 

But ultimately, in this case as in most others, speculation 
about any specific target is based on a false premise. The NSA 
does not need any specific reason or rationale to invade 
people’s private communications. Their institutional mission 
is to collect everything. 

If anything, the revelations about NSA spying on foreign 
leaders are less significant than the agency’s warrantless 
mass surveillance of whole populations. Countries have spied 
on heads of state for centuries, including allies. This is 
unremarkable, despite the great outcry that ensued when, for 
example, the world discovered that the NSA had for many 
years targeted the personal cell phone of German chancellor 
Angela Merkel. 

More remarkable is the fact that in country' after country, 
revelations that the NSA was spying on hundreds of millions 
of their citizens produced little more than muted objections 
from their political leadership. True indignation came 
gushing forward only once those leaders understood that 
they, and not just their citizens, had been targeted as well. 

Still, the sheer scale of diplomatic surveillance the NSA 
has practiced is unusual and noteworthy. In addition to 
foreign leaders, the United States has also, for example, spied 



extensively on international organizations such as the United 
Nations to gain diplomatic advantage. One April 2013 briefing 
from SSO is typical, noting how the agency used its programs 
to obtain the UN secretary 7 general’s talking points prior to his 
meeting with President Obama: 



TOP SECRETES WNOFORN 




OPERATIONAL 

HIGHLIGHT 




(TS//SI//NF) BLARNEY Team assists 
S2C52 analysts in implementing 
Xkey score fingerprints that yield 
access to U.N, Secretary General 
talking points prior to meeting with 
POTUS. 



TOP SECRETtfSIY/NQFQRN 



Numerous other documents detail how Susan Rice, then 
ambassador to the UN and now President Obama’s national 
security 7 adviser, repeatedly requested that the NSA spy on the 
internal discussions of key member states to learn their 
negotiation strategies. A May 2010 SSO report describes this 
process in connection with a resolution being debated by the 
UN that involved imposing new sanctions on Iran. 




(S//sn BLARNEY Teafl Provides Outstanding Support to Enable 
W Security Counci; Collection 



By I NAME REDACTED I on 201C-35-28 1-130 



(T5//SI//NF) kith the UN vote on sanctions against Iren 
approaching and several countries riding the fence on 
.■aahing a decision. Ambassador Rice reached out to NSA 
requesting STGINT on those count rier, so that she coo to 
develop a strategy. With the re aui recent that this be done 
rapidly and within, aur legal authorities, the BLARNEY tear. 
Jumped in to work with organizations and partners both 
internal and external to NSA. 

(TS//S1//NF) As OGC, 5V and the TOPIs aggressively worked 
through the legal paperwork to expedite four new NSA FISA 
court orders for Gabon, Uganda, Nigeria and Bosnia, BLARNE y 
Operations Division personnel were behind the scenes 
gathering data determining what survey information was 
available or could be obtained via their long standing FBI 
contacts. As they worked to obtain information on both the 
UN Missions in NY and the Embassies in QC, the target 
development team greased the skids with appropriate data 
flow personnel and all preparations were made to ensure 
data could flow to the TQPis as soon as possible- Several 
personnel, one from legal team and one from target 
development team were called in on Saturday 22 May to 
support the 24 hour drill legal paperwork exercise doing 
their part to ensure the orders were ready for the NSA 
Director's signature early Monday morning 24 Way. 

(S//5IJ With OGC and SV pushing hard to expedite these four 
orders, they went from the NSA Director for signature to 
OcO for SECOEF signature and men to DOJ for signature by 
the FISC judge in retort* time. All four orders were signed 
by the judge on Wednesday 26 May! Once the orders were 
received oy the BLARNEY legal team, they sprung into action 
parsing these four orders plus another '’normal" renewal in 
one day. Parsing five court orders in one day - a BLARNEY 
record! As the BLARNEY legal team was busily oars mg court 
orders the BLARNEY access management team was working with 
the FBI to pass tasking information and coordinate the 
engagement with letecoirriunicalioftS partners. 



A similar surveillance document from August 2010 reveals 
that the United States spied on eight members of the UN 
Security Council regarding a subsequent resolution about 
sanctions on Iran. The list included France, Brazil, Japan, and 
Mexico— all considered friendly nations. The espionage gave 
the US government valuable information about those 
countries' voting intentions, giving W asliington an edge when 
talking to other members of the Security Council. 



UJPSLCFCI 1 <«MIM NOlOHN 



'l la^jLi •.! 2u IHI 




(U//r0l.ru) SifttH Success: SHil NT Syntw Helps Shape US 
Foreign Policy 



(T ae ihc Qufeciof ihpse kn# \.hy iu^iliejoa^ h,id Mrii-mmed collection 

FrtnCc 

Fii pn n, Mexico, Boill 

[TS//SS^/fliL] ]r ljErs;iF|rp m*> T tktfcri brjrchei ■l-n'ftv. IkPf&lufl UnfiS iL-artiiMJ with SS4 

erubleu topHY idt Ui t nn^cotmtii ind iCfu-fJEc lirionnaitoiinijftUN .tnffcmhfrriKEGmtfs i'-iv T« nvv 

USSt member, v.vgiilki Yd Ic or. Ihc Irjn SjDillprti ^ialiillDn* Kalirt^ Eftal Itifl SOntinu«tJK r.nn 
(oaijriLirK* wiih jifUvirujiL USSC PCMiauEJopit EtHiwrfi irag Eti hlicIlm r she- si.** sioiiuMfJ EurEhtT 

^Ibtlifinian 1 JliiYt 2Dlft.?il[ilJi I WJikcy if iiiJM pin p; HSUS' lYifnrn.i'd dHuiw Etc- nEtifiC rtWmhLTL nHhi- 
UNSCwflutitvc^ 



i|TS//£^AI£L] ’Jliiff! rL’-’LdHiillDn'u.j', □dnpl.ud by 1 lvj-Ivy! vaV t far, Iwn rijal nsl ijElra/il .ind T u ritijyj, ruid 
anr jbsliTvUori lYnni Lrh-JluHi. AEcurUim: M SffilHT "hpl|Hsl mcltffcrapv.- WlicriUin nLh-irr Pc mi ftp i 
RtjyfWn.WEh'nJ Wlllsl* MW n^lwillWl pwatigin m 

jiluPjkt hj n U in n c t-i . i t. •> i c s . and tif^viJ-Cit inform JElofi envjirfDus-feninErlc^ Yed Unci' ' 



To facilitate diplomatic spying, the NSA has gained various 
forms of access to the embassies and consulates of many of 
its closest allies. One 2010 document— shown here with some 
countries deleted— lists the nations whose diplomatic 
structures inside the United States were invaded by the 
agency. A glossary at the end explains the various types of 
surveillance used. 



CLOSE ACCESS SiGAD$ 



CLOSE ACCESS 5IGADS 

AW Clove As«h dcaniflHit «Jbction tnti lh 0 US-3136 Si GAD wKh a yrtidu-f 

two letter ujlfi* Tor tach -cx-ni and mmi'cm do-w Atcws cverMtas 

GEHtE colleceiiKi haitwpn auignefl the L?S-3l3 / SsfiiAD with n tiArfl-leiTi'f \uf- 

ftt 

[NmrTBrfleu-mMVHil wiih an 1 hawrcillifir beet, dropped « tti-Uaied lo Lif dropped 
In lhi> near Puturi? Plr-a\r- tftnV with TAUffllCyROS ftl&l - 1 S 7 ?jJ regarding .MJfhnNIpM. 



SISAb 11^3136 



SUFFl* 


frt!IGFTiCCHUNTHV 


IOCATWDN 


COVEKRIM 


4vtl^5IOh 


EE 




WJBh.OC 


KAtE^L 


ufesaver 


SI 


3r«i4.'!mfc 


Wwh.DC 


kaTE-EL 


WHLAND» 


vo 


fe’-KwUAJN 


fltw Vcrk 


POCOMDKi 


HPCHLAfil*^ 


HN 


ZWaiilftJN 


'l'OrK 


POCQPAQKE 


VAGRA'O 


U 


BfOilEriJN 


Krwy-Olk 


POCOP^OKE 


L1FE54VEH 


YL * 


B-ulydrldJEirit# 


Wall, DC 


MERCED 


HiGHLATfDS 


QX 1 


fttfenfeMtode Buieau 


Tbrk 


BANCSTtfl 


UFKAV^ft 


QJ 


EUrtJN 


Ww Ybrk 


PEfipIDO 


HUjHLAWDV 


SS 


E^UN 


Jinw ‘I'grk 


PEftOIDu 


UHESAVirt 


KU 


CUrtmb 


WJHh. ix 


MAGOTPV 


tiiGHUWfCU 


IP 


ttJ.'Lpnh 


With. DC. 


MAGOTMV 


MiNEKALri 


KJ 


cu;Efiitj 


Wflih.OC 


MAGC1H* 


OROPMIPE 


OF 


FranuVlJN 


truw 'fork 


ELA.CKF00T 


HiiHLAWDb 


VC 


frar^UN 


«wv York 


BLACKFOOT 


VAGRANT 


uc 


tranE^Fmp 


Wtfvn, DC 


WABASH 


HEGHtAjprDS 


IQ 


rranriVfinb 


Wlhh, DC 


WABASH 


mx 


NK 1 


GtE-rgijj'Imb 


Wwh, DC 


PJAVAURD 


HiGHLAMDl 


nv * 


&lslm guiflirim 


Wash, dc 


NAVAHflO 


VAGRANT 


RX 


ur«ceiU?J 


?«f[W York 


POWELL 


HIGHLANDS* 


ne 


firMceAJtl 


h'uw Tftrk 


POWElL 


UEESAvEft 


CD 


GroccwUmb 


W^h, DC 


KlOliDiKi 


mnghlahds 


PI 


•5 j itrrrb 


W*0i,DC 


ki.Qw[>ikF 


UFE5AVER 



IN 


GrwciVtmb 


Wash,, DC 


XLGNDSKE 


PRX 


MQ ' 


JndlAiUN 


Nttw Yo-ik 


NASHUA 


highlands 


ot * 


indlaiUN 


Kcw YeKk 


NASHUA 


MAGNETIC 


ON 


Indid.TJN 


hew Yo! k. 


NASHUA 


VAGRANT 


IS * 


IndlaiUN 


Mew Ydi k 


NASHUA 


UFESAVE.K 


ox * 


lni|ifl^mb 


WaUsK 


QSAGE 


PFfSAUER 


CQ T 


IndkiiTnlb 


Wiisrs DC 


OSAGE 


HIGHLANDS 


TQ * 


IndiaFEmU 


Wftjn., DC 


OSAGF 


VAGRANT 


CU * 


Indla^EmbAm 


Wash, DC 


QSWAYO 


VAGRANT 


DS * 


IndlflitmtiA^^ 


WasK DC 


OSWAYO 


HHjHLAN&S 


SU ‘ 


MaViTmd 


WabfL. DC 


BRDNEAU 


LrFESAVER 


MV fc 


lu^PEtnt* 


WaShw DC 


HEMiOCK 


HIGHLANDS 


IP ■ 




Mi* i.v Yl>j k 


MUL0ERBV 


MINERAL 1? 


HF • 


J^nuirVUN 


hew Vcjm k 


muiwblrv 


heghlands 


ST * 


J ,h P -3 r 1 .' I_ J r J 


hew York 


MULBCRflY 


MAGNETIC 


B.U 1 


JapdiyuN 


ri&w Toft 


MULStflftY 


VAGHANi 


IM " 


MeRjcoAJN 


hew Yen k 


AtAMlTQ 


LIFE SAVER 


UK * 


SievjkiJi/Emb 


Wiih, DC 


FLEMING 


HIGHLANDS 


"rA * 


Jl^ikli/Emb 


Wtfh. DC 


FLEPAING 


VAGRANT 


KB * 


^cisjitPi AlVitiir UN * Convulse 


Nlw York 


□OBJE- 


HIGHLANDS 


ftj * 


SnwCK AfrJcW UN -ft CpnMjIale- 


hnw Yark 


□0B1E 


VAGRANT 


VFI *' 


South 


tenv * Ycnk 


SULFUR 


vagrant 


TZ * 


Tsiwan/fECO 


hew Yo-J-k 


RtOUETTE 


VAGRANT 


VM * 


Venczurioilmb 


VWrtPi, DC 


YUKON 


UFESAVEft 


UR * 


V^n £1 ueli\JM 


flew Ydrk 


WESTPORT 


LJFF5AVFR 


MO* 


VifrlriJrniUN 


Hew York 


NAVAIO 


HkGHLjTlNDS 


ou * 


ViClrurniUN 


Hr vy Yi>: k 


NAVAJO 


VAGRANT 


GV * 


VlPtnflirvEiTib 


W^sh, D< 


PANTHER 


HtGHLANDS 


5IGA0 


US-3 f 37 









GENERAL TEfiM DESCRIPTIONS 

HIGhLAHuS C&lletifori Prcm Implant! 
vagrant Cflihttua^pi cwm^ief Screen 
MAGNETIC Sensor CalJectiftn aT h - 1 .1:^1 ■ ■ ■ t < ; tnu-utiwi 
MINERALISE Cnll V it,nn Prnm LAM Imjil.snl 

OCEAN: Ofjtkal Confection Iplcm tor ftastof-JSated Computer Sheens. 



UfrESAVEfi w*g:-n-g- el the Hai 6 Dr i« 

GFKie M .ij;l it j-T f «WiTiijn. |.jmphv.g Ihp Airq^p- *1 r 

fiJJUttHEAift ColSe<tOftffOTiianf0l UnplHM 

PRX p..hhf Br jfeh f MbjuKr Siw.Kb 

CR'i PTQ FHABlf 0 Co 1 MUflft OM *vPtl iroiwi AQ\ Vt 00- 0 Cf^pn? 

DrOPMHTF D 4Wv(r - o-iit’*. T - i ft of r iiianiEioru -.riin^ r Eft «in(fOAj 

CUSTOMS Cuti*** 1 u>m *n £1 iuJ LIFISAVi "> 

LiKC3W,ilrRF ljwh cwm-nF (oiictfoi'ii, purely pitftfJfPal *<ffw l *+ HQH* M iWfliniwS) 

dew*, weeper us* s^rur tiuk) rmrdw*i-« Jioii t.ip \ ta % p*&v;df> novr.in 

link gv>ei U^£ Urik into * twgfei hwwork OiHJtmt wdtF ftflt? wl»y*l4fn to pro 
vkJe idpr i*rte iergitr k 

RADON - 0 ■-*!*« wormi hon Ihat an ftheMifet ^ Hme rar 

Qnl a Ii>j^k L^-dir^fticnal c-. pda*tirtlon cf Denied nirtwflrtinrt*ofl iijindiinJ en-nrt 
BOA 



Some of the NSA’s metliods serve all agendas— economic, 
diplomatic, security, and obtaining an all-purpose global 
advantage— and these are among the most invasive, and 



hypocritical, in the agency's repertoire. For years, the US 
government loudly warned the world that Chinese routers 
and other Internet devices pose a “threat” because they are 
built with backdoor surveillance functionality that gives the 
Chinese government the ability’ to spy on anyone using them. 
Yet what the NSA's documents show is that Americans have 
been engaged in precisely the activity that the United States 
accused the Chinese of doing. 

The drumbeat of American accusations against Chinese 
Internet device manufacturers was unrelenting. In 2012, for 
example, a report from the House Intelligence Committee, 
headed by Mike Rogers, claimed that Huawei and ZTE, the 
top two Chinese telecommunications equipment companies, 
“may be violating United States laws” and have “not followed 
United States legal obligations or international standards of 
business behavior.” The committee recommended that “the 
United States should view with suspicion the continued 
penetration of the U.S. telecommunications market by 
Chinese telecommunications companies.” 

The Rogers committee voiced fears that the two 
companies were enabling Chinese state surveillance, 
although it acknowledged that it had obtained no actual 
evidence that the firms had implanted their routers and other 
systems with surveillance devices. Nonetheless, it cited the 
failure of those companies to cooperate and urged US firms 
to avoid purchasing their products: 

Private-sector entities in the United States are strongly encouraged 
to consider the long-term security risks associated with doing 
business with either ZTE or Huawei for equipment or services. 
U.S. network providers and systems developers are strongly 
encouraged to seek other vendors for their projects. Eased on 
available classified and unclassified information, Huawei and ZTE 



cannot be trusted to be free of foreign state influence and thus 
pose a security threat to the United States and to our systems. 

The constant accusations became such a burden that Ren 
Zhengfei, the sixty-nine-year-old founder and CEO of 
Huawei, announced in November 2013 that the company was 
abandoning the US market. As Foreign Policy reported, 
Zhengfei told a French newspaper: “Tf Huawei gets in the 
middle of U.S-China relations,’ and causes problems, 'it’s not 
worth it." 

But while American companies were being warned away 
from supposedly untrustworthy Chinese routers, foreign 
organizations would have been well advised to beware of 
American-made ones. A June 2010 report from the head of 
the NSA’s Access and Target Development department is 
shockingly explicit. The NSA routinely receives— or intercepts 
—routers, servers, and other computer network devices being 
exported from the United States before they are delivered to 
the international customers. The agency then implants 
backdoor surveillance tools, repackages the devices with a 
factory seal, and sends them on. The NSA thus gains access to 
entire networks and all their users. The document gleefully 
observes that some “SIGINT tradecraft ... is very hands-on 
(literally!)”: 



10P M.t R] I CQM1M NUldRN 



2 mn 




{!') Su?alihy IVcIiniqisies Can C rack Smncof SICiINT's 

Hordes! Tnr£«s 




Hy 1 1 I r 1 1 c M fj- - ■ • ■ ■ | c \ w j ,\«cwuihi I yqwE Ikviih^wfil {K.^n 

I rs-.si /NFi Not all stc i]\ ] imcktriti involves atec&smg $\%mh and 

nrittufk.\ frtVin Eh^usjiitefcL nf m i ki away In liicf i-inni-iiniufi i l k vrty 

bunch-un ( I i ici’ully f i- 1 kreN hen n wu]b, yhipincoto urraiupuUT nclwwk 
d^viWM^vt 1 ^, r^uicft, vR- i hhfjBg delivered rmuji iiir^i'ls ilirMuglwtil the uurld are 
Vm. ili-:v m ^ r c/ir//tfCTift?ff where Milm*! Vve$& 

OpcmEiriiyAH^ i rpcr-iiions (M> SIS&Krripl^cc*, will* ike Mipjtofc ol'ilsc Kciiml* 
OpciutiLTJiM Cenicr <Si; 1 1 enable ihc iatfuliittiim u/ Jic^ih mlo oar 

l:nyi;l> L 1 ‘kclinnK dniLVft I'hcM dcvitci jpc iWii rc-pvwl-la^cd imd phi ent lurch ittfw 
/rifffiit ip ike oe i[ 4 in:i I lIy'M i nnlum All u] tilts huppen* wiih Hie vuppw t < n' Intel ! lienee 
fcitiuimnhy fKinntfs and ilw ttchmcnl waftinh hi TAO 



r I s; M Ms Si.fi i >| u „■ ,lI 1 1 ■ !ls iruf ihv *up|lll -diMit ilLH-rdietSnri . 11 , ■ '.^ilii; .R hi/ rM.r-,1 
proctuelivc opdishtwifi irt fA( ). burnystf I he y prc-posilion acc piling; min hard Sar;jel 
neCiViWks (lttniiid eLk- WuMiI. 




*1 S'i'SL Nl'j l.t'lL liiEi=rcep[at packages arc opefled Carefully; ki^il A l, IlslJ slulinn' 1 

implants a tuawran 



Eventually, the implanted device connects back to the NSA 
infrastructure: 



< [%. SJ \T) rn one recent case, alki several uiunllm a beHeon implamLeJ thrciu&lJ suppLv- 
chiEiiS inieiElielmr calLiJ txnk In [he NSA vn^erl inli^stiuLEiire Till's Cull b aek provided 
u* niete^v in luiihti eiplnil the ikvtw ainl survey the network 



Among other devices, the agency intercepts and tampers 
with routers and servers manufactured by Cisco to direct 
large amounts of Internet traffic back to the NSA's 
repositories. (There is no evidence in the documents that 
Cisco is aware of, or condoned, these interceptions.) In April 
2013, the agency grappled with technical difficulties involving 
the intercepted Cisco network switches, which affected the 



BLARNEY, FAIRVIEW, OAKSTAR, and STORM BREW 
programs: 



TOP SECRET, 'iCflMINTi'j'REL TO USA. FVEY 

Ift+rtoil fiermi-rteJ pH 1\ a 3 1 GM'M ] 

jNtfffCrwii Program | *giw kp c 0viIi1 | ~~H 

CFOSlPp-pqrflrr l^S W> ;w ECF Lttfitf | 



fa lBlBiUK 

&M-L 



VaK£kuaaiM£hBm 



UlX^Ui SOfhM ill* no ^1 L>K» i4<KW 

■VP^Fi I'lF VItftOF Vii'J= 
iifJH^MAKER .DO&HUT 
lAIAFmRFHXINPtH 

OU^tSUWt' SLAJJ_lD?i 
iPOflTCUAJ 

4 »C-cnT£ - ^u^lsrkATuH 

RiRC«HVflnOD ^'-TAf. 

blMli I 

Ojiwn.iyw^c'. £yflS£^toe^ 

C«rmt’ , Niihvw l (l 

Cllfiviiv5JpfWir\ 

lidjt'H- ,ifllh#aT» on nil Clioo WntwOifc 



n-H.7illrti* 

U« Pm4Cl[l] EplNMt 



!Vm £4>P#vir*irKil Hrinrnd 



Rwni.j i r. u-Jiiin- - 

Mlanon f mgacr- 



Lai! CCB E .arg 

A ff w w : 



All or out Cneo rjNS tDKEl rni/lip.yip.trL nru qMmj? nrftong a Ulkj 

iJidl i!uijmji ffiLTii In ■ ilii- in'lmr-p'die^ mA 

I id: nsmsKn Impad li nr ' nnw ‘■S'Si'h lha KiaJi^ Dug upcir j , 1 b 

jr th .1 l-rffie. .](.tl',» iri “tL- iifr-.v d cAw'flfi i^i'I-aln ajiikf L : ifi ? !< msi'Al y. Iluim id 
wJrv 1 c- Oe- iHj^s , ,Vlj ia^i 1 ! Uic- Dug ill Air ub ^i'hJ *□ il'i 

inipoos^D ta □rt-'J c 4 ysD- , fc v 'rtt.jl w.fc i"uippnn -.'.■Imn '.vo a-rfJy solTwum 
upddW Av pKipoMi to Lipd«o Dtfi* al IPvc nMe ■ m NBP-32L 1 fnl ia ikrtoitmii 
H lha uc^J jJc t_h Lt»n 1 1 J P 

Ro-ur.tt,. .Mir hwti (fl rtMl lha atartif&y mDrvr^er r.jtSm Lbu KQHEUWtER 
iwdf* "iVr:ci'i ||*J| ladad, wU all^ipicin lit i“:-i:nl || S«i£w il aVm pit 

ziJ'J did n :l -iKiitil ll'-ol *-k^j 1:41:^ arty pdKiknTtt I fuvwlvtfr 
dfMftsffWfiartfl il™ L^ifl it™ anlnd CrtMS crashM unrivui i^Latilurfin irucm^n 

ISe l»K b lL»k fr-bm imut Hr frttji 'd rvKdwt MOt. Umb 



Thu =..-=t'wnji3 cnai *0 Lo IHh. (nuu? ttti> # <jiirdBaii 

ana ni.v'i lroms&.n :n Pnwta ftteifay eur -iFpgi-Bcri^ *«■ wiF s-^v!' t™ 
«]nfqu/dl ;vi hcl'ull il v.-s h^va-TddiKilMAii^ Ddfc Irurn miynoT' w* cun 

(-'fttir ufiUMWo tin saved cii-rrf-jin iHj w Wit tifllmiia mai wri m down 
no mfiio IhinHii ruh/'^i eatn nodt ^i r-= smte-ni 



ntsi^ m 

Vi* niMU t^ted ll"<i upgrEwor in oij- up i - ™ 11 yw# >6m**vpr wn cur 1 
cnpoBl LTki Lug mnr lnt> iOwmaiAl ktlD* P ft-n ^rf ontfrwTnr nn^vna wtimi 
wn 4t1ii?\n In upg n&M< nodfl Ihil * HMt^Dd &T IRI? irug 
-.15 Til ! J 10<i2 I I i ■ MjiScTD& 'J 
M Ap- SIdiihjv OGQ. Biiin™ r E i.'P HilftfVArtil 

tT.P '"*1 f ^'iiVlwiTa'l 

^Joiintnr* 

Mm ffvfiitPfl WQt* riilNA 



It is quite possible that Chinese firms are implanting 
surveillance mechanisms in their network devices. But the 
United States is certainly doing the same. 

Warning the world about Chinese surveillance could have 
been one of the motives behind the US government's claims 
that Chinese devices cannot be trusted. But an equally 
important motive seems to have been preventing Chinese 
devices from supplanting American-made ones, which would 
have limited the NSA’s own reach. In other words, Chinese 
routers and servers represent not only economic competition 




but also surveillance competition: when someone buys a 
Chinese device instead of an American one ? the NSA loses a 
crucial means of spying on a great many communication 
activities. 



* * * 

If the quantity of collection revealed was already stupefying, 
the NSA’s mission to collect all the signals all the time has 
driven the agency to expand and conquer more and more 
ground. The amount of data it captures is so vast, in fact, that 
the principal challenge the agency complains about is storing 
the heaps of information accumulated from around the globe. 
One NSA document, prepared for the Five Eyes SigDev 
Conference, set forth this central problem: 



The Challenge 

Collection is outpacing our ability to ingest, process and 
store to the "norm s’" to which we have become 
accustomed. 



The story goes back to 2006, when the agency embarked 
on what it called “Large Scale Expansion of NSA Metadata 
Sharing." At that point, the NSA predicted that its metadata 
collection would grow by six hundred billion records every 
year, growth that w’ould include one to tw 7 o billion new 
telephone call events collected every single day: 



■ bl-| ifvettyBiwHi 

Large Scale Expansion of NSA Metadata Sharing 



(SflSiJ/ftEL) Increases USA communication a metadata sharing 
from 50 billion records to 850+ billion records (grows by 1-2 billion 
records par day) 




CPwlflflMDNI 

■ ONI 

□ Pro] PSTN 
B PBTH 



•fQWZeLJ InatfJrfdS Ctffl EviWtf from ?■' Piny SIGIHT PxrifitoV fps t. J 25 Bitlion 
nxvrtti sJ 

rs uh rriMP 



By May 2007, the expansion had evidently borne fruit: the 
amount of telephone metadata the agency w 7 as storing- 
independent of email and other Internet data, and excluding 
data the NSA had deleted due to lack of storage space— had 
increased to 150 billion records: 





Once Internet-based communications were added to the mix, 
the total number of communication events stored w r as close 
to 1 trillion (this data, it should be noted, w r as then shared by 




the NSA with other agencies). 

To address its storage problem, the NSA began building a 
massive new 7 facility in Bluffdale, Utah, that has as one of its 
primary purposes the retention of all that data. As reporter 
James Bamford noted in 2012, the Bluffdale construction will 
expand the agency's capacity by adding 'Tour 25,000-square- 
foot halls filled with servers, complete with raised floor space 
for cables and storage. In addition, there will be more than 
900,000 square feet for technical support and 
administration/’ Considering the size of the building and the 
fact that, as Bamford says, “a terabyte of data can now 7 be 
stored on a flash drive the size of a man’s pinky,” the 
implications for data collection are profound. 

The need for ever-larger facilities is particularly pressing 
given the agency’s current invasions into global online 
activity, which extend far beyond the collection of metadata 
to include the actual content of emails, W eb brow T sing, search 
histories, and chats. The key program used by the NSA to 
collect, curate, and search such data, introduced in 2007, is X- 
KEYSCORE, and it affords a radical leap in the scope of the 
agency’s surveillance pow 7 ers. The NSA calls X-KEYSCORE its 
“wide st-re aching” system for collecting electronic data, and 
with good reason. 

A training document prepared for analysts claims the 
program captures “nearly everything a typical user does on 
the internet,” including the text of emails, Google searches, 
and the names of w 7 ebsites visited. X-KEYSCORE even allows 
“real-time” monitoring of a person’s online activities, 
enabling the NSA to observe emails and browning activities as 
they happen. 

Beyond collecting comprehensive data about the online 
activities of hundreds of millions of people, X-KEYSCORE 



allows any NSA analyst to search the system’s databases by 
email address, telephone number, or identifying attributes 
such as an IP address. The range of information available and 
the basic means an analyst uses to search it are illustrated in 
this slide: 



What XKS does with the Ssssion/^TPS 



Piug-ins extract and Index metadata into 
tables 




Another X-KEYSCORE slide lists the various fields of 
information that can be searched via the program’s “plug- 
ins.” Those include “every 7 email address seen in a session,” 
“every phone number seen in a session” (including “address 
book entries”), and “the w r ebmail and chat activity”: 




Plug-ins 



Plug-in 



W TO USA. 14^, Wt flai. 



DESCRIPTION 




E-mail Addresses 


indexes every E-mail address seen in a session uy 
both u s-j r n u uvj and domain 


Exacted Files 


Indexes evary rite in a session by both filename 

and extension 


Full 1 


Indexes every DNI session collected. Data Is 
mdoed by the standard N-iuppre {JR, Port, 
C^senoiatton etc.) 


HTTP parser 


Indexes the due nt- side HTTP traffic (examples to 
follow) 


Phone Number 


Indexes every phone number seen in a session {e.g. 
address book entries or signalure brock) 


1*fsor Activity 


indexes the Wcbmail and Chat activity to tnefode 
username, huddyiist, machine specito: cookies nxc. 



re? 76 U*\ «I5, fX-Y 0 WL nil 



Tlie program also offers the ability to search and retrieve 
embedded documents and images that were created, sent, or 
received: 



itw uck t/ABw UMtMta 'i m.i 1 u u» . <iu!». aw. Cm mm tttaJAbin • M 

Examples of "advanced" Plug-ins J 


■Tul'til' 


r 




Plug-in 


DESCRIPTION 


[&*r Activity 


indexes the Wcbmijil and chat activity to include 
username-. be (My list, machine specific cookie* etc. 
(Apjypnx does the exploitation) 


Document meta- 
data 


Extracts em&edaefl properties ol Mscfosoit OVioe 
and Ado ne POP hies, such as Author. Organization, 
date created tie, 





Other NS A slides openly declare the all-encompassing 
global ambition of X-KEYSCORE: 





Why are we interested in HTTP? 



Almost all web-browsmg uses HTTl 

■ Vw.'bniail (Yahoo/Hotmail/Gmail/etc.) 

■ DSN (>'ac ebo o k/M y Space/etc . J 

■ Internet Searching (Google/Bi ng/etc .) 

■ Online Mapping (Google Maps/M .aptiuesi/eic.) 



The searches enabled by the program are so specific that any 
NSA analyst is able not only to find out which websites a 
person has visited but also to assemble a comprehensive list 
of all visits to a particular website from specified computers: 









XKS HTTP Activity Search 

, ■ d 1 I 

'amrilci e E?-oir Ufa uPQyit tn 



* For example let's say we want to see 
all traffic from IP Address L 2,3,4 to 
the websi te w w w . w e bs i te m om 

• While we can just put the IP address 
and the '‘host” into the search form, 
remember what we saw before about 
the various host names for a given 
website 




Most remarkable is the ease with which analysts can 
search for whatever they want with no oversight. An analyst 
with access to X-KEYSCORE need not submit a request to a 
supervisor or any other authority. Instead, the analyst simply 
fills out a basic form to “justify” the surveillance, and the 
system returns the information requested. 



WMCMlWttittfTmHIL ID ItUk Cajh.-OCh. KT* 



Creating Email Address Queries 



Enter usernames and domains into query 




Sear dr. I iii#ti rtdtlwm*y 

i^uti-l Pl«lwi i u k.«JlL 2 

► 1 + rHfll 

■‘jiiii'irji'vwi 
VHfdi Jiu-fea- 



r-j i+iji'f ] toy “■ 7 * 00 w * ll-^ 

t*** « oud^uy- <* I 'jh ^ 



<flri 



MtiHipte usernames from 
SAME domain can do OR h o 



TOP £ECHET;'SOWI?f r Rtl IGUBA, A J a CAM MR, HZl 



In the first video interview he gave when in Hong Kong, 
Edward Snowden made an audacious claim: “I, sitting at my 
desk, could wiretap anyone, from you or your accountant, to a 
federal judge or even the president, if I had a personal email.” 
US officials vehementlv denied that this was true. Mike 

■r 

Rogers expressly accused Snowden of “lying,” adding, “It’s 
impossible for him to do what he was saying he could do.” 
But X-KEYSCORE permits an analyst to do exactly what 
Snowden said: target any user for comprehensive monitoring, 
which includes reading the content of their emails. Indeed, 
the program lets an analyst search for all emails that include 
targeted users in the “cc” line or mention of them in the body 
of the text. 

The NSA’s own instructions for searching through emails 
demonstrate just how simple and easy it is for analysts to 
monitor anyone whose address they know: 




KiPSK’R! I COM 1 NT ltt : l TO l SA A US CAN. (iHR.NZt 2D32UI4W 



Email Addresses Query: 

One ofllie mosl common queries is I you guessed ii) an Email Address Query searching 
lor :m email address. To create a query lore specific email address, you luivc lo nil in the 
name of the query, justify it and set a date range then you simply Mil in the email 
addresses) you want to search on and submit. 

Thai would look something like ill is... 

■ AfvrcwfViBqjkm - rfckVA 2 *bt3i i -t -£i c*w vAjfi C*-*- j L* j( l-txc 

Swreh: HttmII rtddres.^^ 

Cv4*V 

XttrtfJMfi: 'ifc'svptf 

n4l ^p.“SSt4tfrn-l * 

M-f.Khl.j rtrrJiipr: 

DJWn*4i I M>-:- ^ £t_r>l 2EK&-12-2 4 • vym £ 1 

Eta+I Mifinrfr* J 

C^otriM» vflbcAconi 



One of X-KEYS CORE'S most valuable functions to the 
NSA is its ability to surveil the activities on online social 
networks (OSNs), such as Facebook and Twitter, which the 
agency believes provide a wealth of information and “insight 
into the personal lives of targets:” 



mrsEaEwanmrfimiTo i sl 



What intelligence do OSN’s 



provide to the IC? 






• (S//S1//RH. it) usa. fvey) Insight into the personal 
lives of targets MAY include: 



(10 Communi cations 

* (ID Day to Day activities 

' 

* (li) Contacts and social networks 

: . z£-.zzZz--_: zr:-.:. : . ■ i 

■ (ID Photographs 

* (ID Videos 

■ (ID Personnel info 






teH§H] 



Personnel information (e.g. Addresses, 
one. Email addresses) 



(U) Location and Travel Information 



:":5: -2:--: 



toy secaCT^q»ii?nv^j.tift j^yyar 



The methods for searching social media activity are every bit 
as simple as the email search. An analyst enters the desired 
user name on, say, Facebook, along with the date range of 
activity, and X-KEYSCORE then returns all of that user's 
information, including messages, chats, and other private 
postings. 




Perhaps the most remarkable fact about X-KEYSCORE is 
the sheer quantity of data that it captures and stores at 
multiple collection sites around die world. “At some sites,” 
one report states, “the amount of data we receive per day 
(20+ terabytes) can only be stored for as little as 24 hours 
based on available resources:' For one thirty-dav period 
beginning in December 2012, the quantity’ of records 
collected by X-KEYSCORE just for one unit, the SSO, 
exceeded forty-one billion: 





X-KEYSCORE “stores the full-take content for 3-5 days, 
effectively 'slowing down the internet/"— meaning that 
“analysts can go back and recover sessions.” Then “content 
that is 'interesting' can be pulled out of X-KEYSCORE and 
pushed to Agility or PINWALE,” storage databases that 
provide longer retention. 




X-KEYSCORE’s ability to access Facebook and other social 
media sites is boosted by other programs, which include 
BLARNEY, allowing the NSA to monitor a ‘'broad range of 



Facebook data via surveillance and search activities”: 



('F5//SI//NM SLAUNcv Exploits tne Social Network via 
Expanded FscObOdk (dUctUpn 

fly [__w. ] on 2 a 1 1 - 83 " W 9737 

(T5/ZSI//KF) 5S0 HIGHLIGHT - BLWWEY Exploits the Social 
Network via Expanded Facebook Collection 



(T 5 //SI//NFJ On it March iell. BiAKNEV Began delivery of 
substantially inproved and rare complete facebook content. 
Fhts Is 0 t-ajor leap forward in nSa - s ability to exploit 
Facebook using FISA and faa author it in. This effort was 
initiated in partnership mth the f 8 I six itontos ago to 
address on unreliable and incomplete Facebook collection 
sysit*. NSA is now ahlo 10 access a brood range of Facebook 
data via surveillance end searen activities. QPIs are 
excited about receiving *any content fields, such as chat, 
on a sustained basis that had previously only been 
occasionally available, So*e content will be completely new 
including subscriber videos. Taken logetner, the new 
Facebook col fee lion will provide a robust SIGITJT 
opportunity against our targets - fror geo location based on 
their ip addresses and user agent, to colled ion. of all of 
tneir private messages and profile informs; : on. Multiple 
elements across NS A partnered to ensure the successful 
delivery of this data. An USA representative at FBI 
coordinated the rapid development of the collection system; 
SSO’i PfllNTAuRA team wrote new software and nade 
configuration changes; Its modified their protocol 
exploitation systems and the Technology Directorate fast- 
t racked upgrades to their data presentation tools so that 
APIs could view the data pruperly. 



In the UK. meanwhile, the GCHQ’s Global 
Telecommunications Exploitation (GTE) division has also 
devoted substantial resources to the task, detailed in a 2011 
presentation to the annual Five Eyes conference. 





TOP Kdffi Tr^raS. FYEV 

rg*^*Sa 




Exploiting Facebook traffic in the 
passive environment to obtain 
specific information 


IEES535 oprinv owtfefl** 

OCHO 




TCP Priv 

■Id ~ ~ ~ ~ 1 m V h hViirjiU EW fnV d itj'da* h'i hV hrb ■ ~ - ft 

— — J * ■* K- ■j 








Why OSN$? 

- Targets increasing usage of Facebook. 
BEBO, My Space etc. 

• A very rich source of information on targets: 

* Personal details 
4 'Pattern gf Life 1 

* Connections to associales 

* Media 



TOP SCGKETu^uKEU fVEV 

■P™ kmfli - ■■ '-r b r+n % nhh 1 lW«h ■>( 

V f "iMI 





The GCHQ has paid special attention to weaknesses in 
Facebook’s security system and to obtaining the kind of data 
that Facebook users attempt to shield: 



TOP 5£CRET/i^RSL F-/eY 




.ooktng to the Passive 
Environment 



• Many targets on Facebook lock down 
their profiles, so it is not possible to view 
all of their information... 

But passive offers the opportunity to 
collect this information by exploiting 
inherent weaknesses in Facebook's 
security model. 



top SSOREMtftffitEW fust 

m Tm P wnr a 1 ! Ha i VI ?:ii i > 

— t 



In particular, the GCHQ has found vulnerabilities in the 
network’s system for storing pictures, which can be used to 
gain access to Facebook IDs and album images: 







TOPSEOP? T.V£. nfl FVEf 



Exploiting the FB COM 



* Weaknesses 

* Assumed Authentication 

* Security through obscurity 

Kj* [n^i t-Joii-: U* GWrt/tfl, i praratiid J* r f «iii£J n 

^JWT liuu tki.il Uta IV, I d'Aju t * ■» 

rrP£M Pirt* Ln'i 1 

pffllilo.flk.fhed fi.ml 




r^ttll r*^../*+c. .1 .}■**.■ W M +f^.4c kVW — f .V«v> J b O'l^ 

?- ;hki sr. JM pflfi. - *L f. *-n> Pw«wl u>u ig 



T-0* Y -ii-Prf* Fv£V 

■■ i | vi^> ■ ■-—-I' ■ .H pj-wi- f-m- ' •■ ■■ “‘ ^if ■ * — 






Beyond social media networks, the NSA and the GCHQ 
continue to look for any gaps in their surveillance net, any 
communications that remain outside their grasp, and then 
develop ways to bring them under the agencies' watchful eye. 
One seemingly obscure program demonstrates this point. 

Both the NSA and GCHQ have been consumed by their 
perceived need to monitor Internet and phone 
communications of people on commercial airline flights. 
Because these are rerouted via independent satellite systems, 
they are extremely difficult to pinpoint. The idea that there is 
a moment when someone can use the Internet or their phone 



without detection— even for just a few 7 hours while flying— is 
intolerable to the surveillance agencies. In response, they 
have devoted substantial resources to developing systems 
that will intercept in-flight communications. 

At the 2012 Five Eves conference, the GCHQ presented an 
interception program named Thieving Magpie, targeting the 
increasingly available use of cell phones during flights: 





THIEVING MAGPIE 

Using on-board GSM /GPRS services to 
track targets 



SAME A ms FACT tNFOWI ATJQS 
REDACTED 



ELW Nff WT -"'iCmiXT- IP 1. Ill UJAl KVf T StfUWI 

■■ ."■.H;™ -i -i-.V- M r Wrf. rHj'-w'- ■, i .v'r mV VJ V i*'»; ' 

' 1 11 11 mummm.’Xr^i v 



On board GSM 
Services 



•Many airlines are offering on-board mobile 
phone services, particularly for long haul and 
business class (list is growing) 

•At least British Airways are restricting the 
service to data and SMS only - no voice 



iBMrosrr. l-cimlst. vh e mi iyiy sot*? i 

■“Vi™ Kfm i^Ip V f kill ^ ■« — 



The proposed solution envisioned a system to ensure 
complete “global coverage”: 








♦Global coverage via SOUTH WINDS is 
planned in the next year 



I H 1 U I , i l s I AW J 3a “i a^lJL lE.i 



Substantial headway has been made to ensure that certain 
devices are susceptible to surveillance on passenger jets: 



GPRS Events 



■Currently able to produce events Cot at least 

Blackberry phones in flight 

■Able to identify Blackberry PIN and 

associated Email addresses 

♦Tasked content into ddtastores, unseketed to 

Xkeyscore, further details of usage available 



luv uim r- 1 - 'M'.sn. ii l Iim.- w, rViV uw; 

fiifaifis j-*i +■ I v rw b# |iihj i '" H i Hi JFm t m-m ■■ ■ 1 

P ■Hr Ffr.fch -i Mfrf 



ravel Tracking 



■Wc can confirm ihal targets selectors arc on board 
specific flights in near real lime, enabling 
surveillance or direst teams to be put in place in 
advance 

■If they use data, wc can also recover email 
address*;, face book Ids, Skypc addresses etc 
■Specific aircraft can be tracked approximately every 
2 min ulcs whilst in flight 



Tw ircAt r t,T.iL. yMcy yrajkW\ 

■ WM i>-*r ■ 4 I. r .t+¥-TrH ►■p' I F^H f MF -*-r > 



A related NSA document presented at the same conference, 
for a program entitled Homing Pigeon, also describes efforts 
to monitor in-air communications. The agency’s program was 
to be coordinated with the GCHQ, and the entire system 
made available to the Five Eyes group. 



raiKUfvtT 



(U) ANALYTIC DRIVER (CONT.) 

□{S//SI//REL FVEY) Analytic Question 
Given a GSM handset detected on a known 
aircraft flight, what is the likely Identity (qr 
identities) of the handset subscriber {and vice- 
versa}? 

J(TS//SI//REL FVEY) Proposed Process 

Auto correlation of GSM handsets to subscribers 
observed on two or more flights. 






19 item.* oiviri .>rt tout!, i-m 

(U) GOING FORWARD 

J ( TS//SI //fi E L F V£ Y) S AT t wi 1 1 co mpl etc devclopmc n t 
once a reliable THIEVING MAGPIE data feed has been 
established 

U (TS//SI//REL FVEY) Once the QFO is complete, it will 
be available to FVEY users as a RESTful web service, 
JEM A component, and a light weight web page 

□ (TS//SI//REL FVEY) If the S2 QFO Review Panel elects 
to ask for homing PIGEON to be made persistent, 
its natural home would be incorporation into 
FASTSCOPE 

19 UHHjMtWlTlWl WfEkA Ml 



# * * 



There is remarkable candidness, within parts of the NSA, 
about the true purpose of building so massive a secret 
surveillance system. A PowerPoint presentation prepared for 
a group of agency officials discussing the prospect of 
international Internet standards gives the unvarnished view. 






The author of the presentation is an “NSA/SIGINT National 
Intelligence Officer (SINIO) for Science and Technology/’ a 
self-described “well trained scientist and hacker/’ 

The blunt title of his presentation: “The Role of National 
Interests, Money, and Egos/’ These three factors together, he 
says, are the primary motives driving the United States to 
maintain global surveillance domination. 



u rrf OuO 

Oh Yeah... 

■ Put Money, National Interest, and 
Ego together, and now you' re talking 
about shaping the world writ large. 

What country doesn t want to make 
the world a better pta ce... for 
itself? 



He notes that US dominance over the Internet has given the 
countr\' substantial power and influence, and has also 
generated vast profit: 



ae*R£TiVSt L to USA, *V£Y 

What' s the Threat? 



■ Let' s be blunt - the Western World 
(especially the US) gained influence and 
made a lot of money via the drafting of 
earlier standards. 

The US was the major player irs shaping 
today's Internet This resulted in pervasive 
exportation of American culture as well as 
technology II also resulted in a lot of money 
being made by US eniities. 



Such profit and power have also inevitably accrued, of 
course, to the surveillance industry itself, providing another 
motive for its endless expansion. The post-9/11 era has seen a 
massive explosion of resources dedicated to surveillance. 



Most of those resources were transferred from the public 
coffers (i.e., the American taxpayer) into the pockets of 
private surveillance defense corporations. 

Companies like Booz Allen Hamilton and AT&T employ 
hordes of former top government officials, while hordes of 
current top defense officials are past (and likely future) 
employees of those same corporations. Constantly growing 
the surveillance state is a way to ensure that the government 
funds keep flowing, that the revoking door stays greased. 
That is also the best way to ensure that the NSA and its 
related agencies retain institutional importance and influence 
inside W ashington. 

As the scale and ambition of the surveillance industry has 
grown, so has the profile of its perceived adversary'. Listing 
the various threats supposedly facing the United States, the 
NSA— in a document entitled “National Security Agency: 
Overview Briefing”— includes some predictable items: 
“hackers,” “criminal elements,” and “terrorists.” Revealingly, 
though, it also goes far broader by including among the 
threats a list of technologies, including the Internet itself: 




The Internet has long been heralded as an unprecedented 



instrument of democratization and liberalization, even 
emancipation. But in the eyes of the US government, this 
global network and other types of communications 
technology threaten to undermine American power. Viewed 
from this perspective, the NSA’s ambition to "collect it all” at 
last becomes coherent. It is vital that the NSA monitor all 
parts of the Internet and any other means of communication, 
so that none can escape US government control. 

Ultimately, beyond diplomatic manipulation and 
economic gain, a system of ubiquitous spying allows the 
United States to maintain its grip on the world. When the 
United States is able to know everything that everyone is 
doing, saying, thinking, and planning— its own citizens, 
foreign populations, international corporations, other 
government leaders— its power over those factions is 
maximized. That's doubly true if the government operates at 
ever greater levels of secrecy. The secrecy creates a one-way 
mirror: the US government sees what everyone else in the 
world does, including its own population, while no one sees 
its own actions. It is the ultimate imbalance, permitting tire 
most dangerous of all human conditions: the exercise of 
limitless power with no transparency or accountability. 

Edward Snowden's revelations subverted that dangerous 
dynamic by shining a light on the system and how it 
functions. For the first time, people everywhere were able to 
learn the true extent of the surveillance capabilities amassed 
against them. The news triggered an intense, sustained 
worldwide debate precisely because the surveillance poses 
such a grave threat to democratic governance. It also 
triggered proposals for reform, a global discussion of the 
importance of Internet freedom and privacy in the electronic 
age, and a reckoning with the vital question: What does 



limitless surveillance mean for us as individuals, in our own 
lives? 



